Commit 585d17f0 authored by Thomas Gambier's avatar Thomas Gambier 🚴🏼

Update Release Candidate

parents dc915ce0 dc9367cb
......@@ -24,11 +24,13 @@ extends =
../icu/buildout.cfg
../openssl/buildout.cfg
../libnsl/buildout.cfg
../sqlite3/buildout.cfg
../oniguruma/buildout.cfg
[php-redis]
recipe = slapos.recipe.cmmi
url = https://github.com/phpredis/phpredis/archive/5.0.0.tar.gz
md5sum = 4f11e0567a10c29394aae52a4fa8bb40
url = https://github.com/phpredis/phpredis/archive/refs/tags/6.0.1.tar.gz
md5sum = 99dd5f16bac2b0c2ec049ce21e346705
configure-command =
phpize && ./configure
environment =
......@@ -36,12 +38,10 @@ environment =
[php-imagick]
recipe = slapos.recipe.cmmi
url = https://github.com/Imagick/imagick/archive/3.4.4.tar.gz
md5sum = ef6cbadd834eb306bd91874a8f5dea03
url = https://github.com/Imagick/imagick/archive/refs/tags/3.7.0.tar.gz
md5sum = 4dbe07a2ef15d3c9e4c54d5685bdfbc9
configure-command =
phpize && ./configure
configure-options =
--prefix=${buildout:parts-directory}/${:_buildout_section_name_}
environment =
PKG_CONFIG_PATH=${imagemagick:location}/lib/pkgconfig
PATH=${pkgconfig:location}/bin:${imagemagick:location}/bin:${autoconf:location}/bin:${automake:location}/bin:${m4:location}/bin:${apache-php:location}/bin:%(PATH)s
......@@ -49,8 +49,8 @@ environment =
[php-apcu]
recipe = slapos.recipe.cmmi
url = https://github.com/krakjoe/apcu/archive/v5.1.17.tar.gz
md5sum = f64b6cd5108aea63df2d5cc301c58b2b
url = https://github.com/krakjoe/apcu/archive/refs/tags/v5.1.22.tar.gz
md5sum = 3c4c70004d1ac0e56487fcdcbb045ff6
configure-command =
phpize && ./configure
configure-options =
......@@ -65,58 +65,44 @@ shared = false
[apache-php]
recipe = slapos.recipe.cmmi
url = https://www.php.net/distributions/php-7.3.6.tar.bz2
md5sum = bde9a912fb311182cd460dad1abbc247
url = https://www.php.net/distributions/php-8.2.11.tar.xz
md5sum = 8e7f61ff53fd36be68643080c5114df9
configure-options =
--prefix=${buildout:parts-directory}/${:_buildout_section_name_}
--disable-static
--disable-zend-test
--enable-exif
--enable-ftp
--enable-gd
--enable-intl
--enable-mbstring
--enable-pcntl
--enable-session
--with-apxs2=${apache:location}/bin/apxs
--with-libxml-dir=${libxml2:location}
--with-mysql=${mariadb:location}
--with-zlib-dir=${zlib:location}
--with-bz2=${bzip2:location}
--with-gd
--with-jpeg-dir=${libjpeg:location}
--with-png-dir=${libpng:location}
--enable-gd-native-ttf
--with-freetype-dir=${freetype:location}
--with-pdo-mysql=mysqlnd
--with-mysqli=mysqlnd
--with-curl=${curl:location}
--with-imap=${cclient:location}
--with-iconv-dir=${libiconv:location}
--with-curl
--with-gettext=${gettext:location}
--with-ldap=${openldap:location}
--with-imap-ssl
--with-imap=${cclient:location}
--with-ldap=${openldap:location}
--with-mysqli=mysqlnd
--with-openssl=${openssl:location}
--with-libzip=${libzip:location}
--with-icu-dir=${icu:location}
--with-password-argon2=${argon2:location}
--enable-apcu-bc
--enable-intl
--enable-libxml
--enable-json
--enable-mbstring
--enable-pcntl
--enable-session
--enable-exif
--enable-ftp
--enable-zip
--disable-zend-test
--disable-static
--with-pdo-mysql=mysqlnd
--with-zip
--with-zlib
# Changing TMPDIR is required for PEAR installation.
# It will create a pear/temp directory under the SR instead of a shared /tmp/pear/temp.
# XXX we could mkdir tmp there
environment =
PKG_CONFIG_PATH=${libxml2:location}/lib/pkgconfig:${openssl:location}/lib/pkgconfig:${libzip:location}/lib/pkgconfig
PKG_CONFIG_PATH=${libxml2:location}/lib/pkgconfig:${openssl:location}/lib/pkgconfig:${libzip:location}/lib/pkgconfig:${sqlite3:location}/lib/pkgconfig:${curl:location}/lib/pkgconfig:${icu:location}/lib/pkgconfig:${oniguruma:location}/lib/pkgconfig:${argon2:location}/lib/pkgconfig:${zlib:location}/lib/pkgconfig:${mariadb:location}/lib/pkgconfig:${libjpeg:location}/lib/pkgconfig:${libpng:location}/lib/pkgconfig:${freetype:location}/lib/pkgconfig:${libiconv:location}/lib/pkgconfig:${libzip:location}/lib/pkgconfig
PATH=${pkgconfig:location}/bin:${bzip2:location}/bin:${libxml2:location}/bin:%(PATH)s
CPPFLAGS=-I${libzip:location}/include
LDFLAGS=-L${bzip2:location}/lib -Wl,-rpath -Wl,${bzip2:location}/lib -Wl,-rpath -Wl,${curl:location}/lib -L${libtool:location}/lib -Wl,-rpath -Wl,${libtool:location}/lib -L${mariadb:location}/lib -Wl,-rpath -Wl,${mariadb:location}/lib -L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -L${libzip:location}/lib -Wl,-rpath -Wl,${libzip:location}/lib -L${argon2:location}/lib/x86_64-linux-gnu -Wl,-rpath -Wl,${argon2:location}/lib/x86_64-linux-gnu -Wl,-rpath -Wl,${zstd:location}/lib -L${libnsl:location}/lib -Wl,-rpath -Wl,${libnsl:location}/lib
TMPDIR=${buildout:parts-directory}/${:_buildout_section_name_}
LDFLAGS=-L${bzip2:location}/lib -Wl,-rpath -Wl,${bzip2:location}/lib -Wl,-rpath -Wl,${curl:location}/lib -L${libtool:location}/lib -Wl,-rpath -Wl,${libtool:location}/lib -L${mariadb:location}/lib -Wl,-rpath -Wl,${mariadb:location}/lib -L${zlib:location}/lib -Wl,-rpath -Wl,${zlib:location}/lib -L${libzip:location}/lib -Wl,-rpath -Wl,${libzip:location}/lib -L${argon2:location}/lib/x86_64-linux-gnu -Wl,-rpath -Wl,${argon2:location}/lib/x86_64-linux-gnu -Wl,-rpath -Wl,${zstd:location}/lib -L${libnsl:location}/lib -Wl,-rpath -Wl,${libnsl:location}/lib -L${sqlite3:location}/lib -Wl,-rpath -Wl,${sqlite3:location}/lib
TMPDIR=@@LOCATION@@
HOME=${apache:location}
[xml-rpc]
recipe = slapos.recipe.cmmi
url = http://downloads.sourceforge.net/project/phpxmlrpc/phpxmlrpc/2.2.2/xmlrpc-2.2.2.tar.gz
url = https://github.com/gggeek/phpxmlrpc/releases/download/2.2.2/xmlrpc-2.2.2.tar.gz
md5sum = 59a644c636c6d98267d0c99b406ae9e8
[buildout]
extends =
../patch/buildout.cfg
parts = busybox
[busybox]
recipe = slapos.recipe.build
url = http://git.busybox.net/busybox/snapshot/busybox-1_20_2.tar.gz
md5sum = 025acebb48040ef62dd635d416d317e8
patches =
${:_profile_base_location_}/busybox-1_20_2.patch#292498db86c46e101bb14bf2c74c36f0
install =
env = self.environ
extract_dir = self.extract(self.download(options['url'], options['md5sum']))
workdir = guessworkdir(extract_dir)
self.applyPatchList(options.get('patches'), '-p1', cwd=workdir)
self.logger.info("Creating default configuration")
call(['make', 'defconfig'], cwd=workdir, env=env)
self.logger.info("Building")
call(['make'], cwd=workdir, env=env)
self.logger.info("Installing")
call(['make', 'CONFIG_PREFIX=' + location, 'install'], cwd=workdir, env=env)
self.logger.info("Installation finished")
environment =
PATH=${patch:location}/bin:%(PATH)s
diff --git a/include/libbb.h b/include/libbb.h
index f12800f..e7806c2 100644
--- a/include/libbb.h
+++ b/include/libbb.h
@@ -40,6 +40,7 @@
#include <sys/poll.h>
#include <sys/ioctl.h>
#include <sys/mman.h>
+#include <sys/resource.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/time.h>
......@@ -12,14 +12,17 @@ parts =
[ca-certificates]
recipe = slapos.recipe.cmmi
shared = true
url = http://deb.debian.org/debian/pool/main/c/ca-certificates/ca-certificates_20210119.tar.xz
md5sum = c02582bf9ae338e558617291897615eb
url = https://deb.debian.org/debian/pool/main/c/ca-certificates/ca-certificates_20230311.tar.xz
md5sum = fc1c3ec0067385f0be8ac7f6e670a0f8
patch-binary = ${patch:location}/bin/patch
patches =
${:_profile_base_location_}/ca-certificates-any-python.patch#c13b44dfc3157dda13a9a2ff97a9d501
${:_profile_base_location_}/ca-certificates-sbin-dir.patch#0b4e7d82ce768823c01954ee41ef177b
${:_profile_base_location_}/ca-certificates-any-python.patch#a5817d1b7162f8f814960f72c747e3af
${:_profile_base_location_}/ca-certificates-mkdir-p.patch#02ed8a6d60c39c4b088657888af345ef
${:_profile_base_location_}/ca-certificates-no-cryptography.patch#14ad1308623b0d15420906ae3d9b4867
patch-options = -p0
configure-command = true
make-targets = install DESTDIR=@@LOCATION@@ CERTSDIR=certs SBINDIR=sbin
environment =
PATH=${xz-utils:location}/bin:%(PATH)s
pre-make-hook =
${:_profile_base_location_}/ca-certificates-pre-make-hook.py#9e2f6f22d91ea7a089f0ea2c523b0c1e:pre_make_hook
......@@ -11,13 +11,12 @@
if line.startswith('CKA_CLASS'):
--- mozilla/Makefile 2015-12-20 10:49:23.000000000 +0100
+++ mozilla/Makefile 2016-01-05 20:19:11.006874271 +0100
@@ -3,7 +3,8 @@
@@ -3,7 +3,7 @@
#
all:
- python3 certdata2pem.py
+ for x in 3 '' 2; do type python$$x && break; done >/dev/null \
+ && python$$x certdata2pem.py
+ SLAPOS_BUILDOUT_PYTHON certdata2pem.py
clean:
-rm -f *.crt
......@@ -9,19 +9,3 @@
$(MAKE) -C $$dir install CERTSDIR=$(DESTDIR)/$(CERTSDIR)/$$dir; \
done
for dir in sbin; do \
--- sbin/Makefile.orig 2011-12-11 20:54:02.000000000 +0100
+++ sbin/Makefile 2012-01-09 17:31:45.207387898 +0100
@@ -3,9 +3,12 @@
#
#
+SBINDIR=/usr/sbin
+
all:
clean:
install:
- install -m755 update-ca-certificates $(DESTDIR)/usr/sbin/
+ mkdir -p $(DESTDIR)/$(SBINDIR)
+ install -m755 update-ca-certificates $(DESTDIR)/$(SBINDIR)
Don't depend on cryptography
Revert https://salsa.debian.org/debian/ca-certificates/-/commit/8033d52259172b4bddc0f8bbcb6f6566b348db72
we don't need this here.
--- mozilla/certdata2pem.py 2023-01-14 22:58:27.000000000 +0900
+++ mozilla/certdata2pem.py 2023-10-02 22:13:31.355540545 +0900
@@ -21,15 +21,12 @@
# USA.
import base64
-import datetime
import os.path
import re
import sys
import textwrap
import io
-from cryptography import x509
-
objects = []
@@ -122,12 +119,6 @@
if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
continue
- cert = x509.load_der_x509_certificate(bytes(obj['CKA_VALUE']))
- if cert.not_valid_after < datetime.datetime.utcnow():
- print('!'*74)
- print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
- print('!'*74)
-
bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\
.replace(' ', '_')\
.replace('(', '=')\
import pathlib
import sys
def pre_make_hook(options, buildout, environ):
makefile = pathlib.Path('mozilla/Makefile')
txt = makefile.read_text().replace('SLAPOS_BUILDOUT_PYTHON', sys.executable)
makefile.write_text(txt)
[buildout]
extends =
nss.cfg
parts =
corocosync
[corosync]
recipe = slapos.recipe.cmmi
url = ftp://ftp:downloads@corosync.org/downloads/corosync-1.3.1/corosync-1.3.1.tar.gz
md5sum = c58459a009a3a9d0b9c00e276a190d90
environment =
CPPFLAGS=-I${nspr:location}/include/nspr -I${nss:location}/include/nss
PKG_CONFIG_PATH=${nss:location}/lib/pkgconfig:${nspr:location}/lib/pkgconfig
LDFLAGS =-L${nspr:location}/lib -Wl,-rpath=${nspr:location}/lib -L${nss:location}/lib -Wl,-rpath=${nss:location}/lib -Wl,-rpath=${buildout:parts-directory}/${:_buildout_section_name_}/lib
......@@ -10,7 +10,7 @@ extends =
[cups]
recipe = slapos.recipe.cmmi
shared = true
url = http://www.cups.org/software/1.7.4/cups-1.7.4-source.tar.bz2
url = https://github.com/apple/cups/releases/download/release-1.7.4/cups-1.7.4-source.tar.bz2
md5sum = 1a2295c2b2d2f422db2e50f40ed2fb99
configure-options =
--disable-static
......
......@@ -19,8 +19,8 @@ parts =
[curl]
recipe = slapos.recipe.cmmi
shared = true
url = https://curl.se/download/curl-8.0.1.tar.xz
md5sum = f6c2fdeb30ad30234378a56c28350845
url = https://curl.se/download/curl-8.4.0.tar.bz2
md5sum = 1a61fde1fe5c7db5c29c1196435188a5
configure-options =
--disable-static
--disable-ech
......
[buildout]
parts = embulk
[embulk]
recipe = slapos.recipe.build:download
url = https://dl.bintray.com/embulk/maven/embulk-0.9.7.jar
md5sum = 05f41d3750ec359fc10c1dc3e30f238e
filename = embulk.jar
......@@ -11,8 +11,8 @@ extends =
[file]
recipe = slapos.recipe.cmmi
shared = true
url = http://ftp.astron.com/pub/file/file-5.44.tar.gz
md5sum = a60d586d49d015d842b9294864a89c7a
url = http://ftp.astron.com/pub/file/file-5.45.tar.gz
md5sum = 26b2a96d4e3a8938827a1e572afd527a
configure-options =
--disable-static
--disable-libseccomp
......
......@@ -14,12 +14,15 @@ parts =
[freetype]
recipe = slapos.recipe.cmmi
shared = true
url = http://download.savannah.gnu.org/releases/freetype/freetype-2.7.1.tar.bz2
md5sum = b3230110e0cab777e0df7631837ac36e
url = https://download.savannah.gnu.org/releases/freetype/freetype-2.13.2.tar.xz
md5sum = 1f625f0a913c449551b1e3790a1817d7
pkg_config_depends = ${zlib:location}/lib/pkgconfig:${libpng:location}/lib/pkgconfig
location = @@LOCATION@@
configure-options =
--disable-static
--enable-freetype-config
--without-brotli
--without-librsvg
environment =
PATH=${pkgconfig:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${:pkg_config_depends}
......
......@@ -14,8 +14,8 @@ parts = ghostscript
[ghostscript]
recipe = slapos.recipe.cmmi
shared = true
url = https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9550/ghostscript-9.55.0.tar.xz
md5sum = 92aa46e75c4f32eb11d9c975053d876c
url = https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs10020/ghostscript-10.02.0.tar.xz
md5sum = 80c1cdfada72f2eb5987dc0d590ea5b2
pkg_config_depends = ${libtiff:location}/lib/pkgconfig:${libjpeg:location}/lib/pkgconfig:${fontconfig:location}/lib/pkgconfig:${fontconfig:pkg_config_depends}
# XXX --with-tessdata work arounds a slaprunner bug of having softwares installed in a path containing //
configure-options =
......@@ -23,6 +23,7 @@ configure-options =
--disable-threadsafe
--with-system-libtiff
--without-libidn
--without-so
--without-x
--with-drivers=FILES
--with-tessdata=$(python -c 'print("""${:tessdata-location}""".replace("//", "/"))')
......
......@@ -18,8 +18,8 @@ parts =
[git]
recipe = slapos.recipe.cmmi
shared = true
url = https://mirrors.edge.kernel.org/pub/software/scm/git/git-2.40.1.tar.xz
md5sum = 125d13c374a9ec9253f42c483bacec31
url = https://mirrors.edge.kernel.org/pub/software/scm/git/git-2.42.0.tar.xz
md5sum = e61c187f6863d5e977e60cdedf213ec0
configure-options =
--with-curl=${curl:location}
--with-openssl=${openssl:location}
......
......@@ -7,6 +7,7 @@ extends =
../patch/buildout.cfg
../pcre2/buildout.cfg
../perl/buildout.cfg
../python3/buildout.cfg
../pkgconfig/buildout.cfg
../xz-utils/buildout.cfg
../zlib/buildout.cfg
......@@ -27,7 +28,7 @@ make-binary = ninja -C builddir
pkg_config_depends = ${pcre2:location}/lib/pkgconfig:${libffi:location}/lib/pkgconfig:${zlib:location}/lib/pkgconfig
environment =
PKG_CONFIG_PATH=${:pkg_config_depends}
PATH=${ninja:location}/bin:${pkgconfig:location}/bin:${patch:location}/bin:${perl:location}/bin:${xz-utils:location}/bin:%(PATH)s
PATH=${python3:location}/bin:${ninja:location}/bin:${pkgconfig:location}/bin:${patch:location}/bin:${perl:location}/bin:${xz-utils:location}/bin:%(PATH)s
CFLAGS=-I${gettext:location}/include
LDFLAGS=-L${gettext:location}/lib -lintl -Wl,-rpath=${gettext:location}/lib -Wl,-rpath=${libffi:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=@@LOCATION@@/lib -Wl,-rpath=${pcre2:location}/lib
post-install = rm %(location)s/bin/gtester-report
......@@ -6,6 +6,7 @@ extends =
../meson/buildout.cfg
../ninja/buildout.cfg
../perl/buildout.cfg
../python3/buildout.cfg
../pkgconfig/buildout.cfg
../xz-utils/buildout.cfg
parts =
......@@ -20,7 +21,7 @@ pkg_config_depends = ${glib:location}/lib/pkgconfig:${glib:pkg_config_depends}:$
configure-command = ${meson:location}/bin/meson builddir --libdir=lib -Dprefix=@@LOCATION@@
make-binary = ninja -C builddir
environment =
PATH=${perl:location}/bin:${pkgconfig:location}/bin:${xz-utils:location}/bin:${glib:location}/bin:${ninja:location}/bin:%(PATH)s
PATH=${python3:location}/bin:${perl:location}/bin:${pkgconfig:location}/bin:${xz-utils:location}/bin:${glib:location}/bin:${ninja:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${:pkg_config_depends}
CPPFLAGS=-I${gettext:location}/include
LDFLAGS=-L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib -Wl,-rpath=${glib:location}/lib -Wl,-rpath=${libsigc:location}/lib -Wl,-rpath=@@LOCATION@@/lib
......@@ -14,6 +14,7 @@ extends =
../libtool/buildout.cfg
../m4/buildout.cfg
../perl/buildout.cfg
../python3/buildout.cfg
../pkgconfig/buildout.cfg
../xorg/buildout.cfg
../icu/buildout.cfg
......@@ -81,7 +82,7 @@ configure-options =
--disable-static
--disable-gtk-doc-html
environment =
PATH=${glib:location}/bin:${freetype:location}/bin:${pkgconfig:location}/bin:${xz-utils:location}/bin:%(PATH)s
PATH=${glib:location}/bin:${python3:location}/bin:${freetype:location}/bin:${pkgconfig:location}/bin:${xz-utils:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${:pkg_config_depends}
LDFLAGS=-Wl,-rpath=${gettext:location}/lib -Wl,-rpath=${bzip2:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${harfbuzz:location}/lib -Wl,-rpath=${glib:location}/lib
......@@ -94,7 +95,7 @@ configure-command = ${meson:location}/bin/meson builddir --wrap-mode=nodownload
make-binary = ninja -C builddir
pkg_config_depends = ${glib:location}/lib/pkgconfig:${glib:pkg_config_depends}:${libX11:location}/lib/pkgconfig:${libX11:pkg_config_depends}:${libpng:location}/lib/pkgconfig:${libjpeg:location}/lib/pkgconfig:${libtiff:location}/lib/pkgconfig
environment =
PATH=${glib:location}/bin:${perl:location}/bin:${ninja:location}/bin:${pkgconfig:location}/bin:${xz-utils:location}/bin:${libpng:location}/bin%(PATH)s
PATH=${glib:location}/bin:${perl:location}/bin:${python3:location}/bin:${ninja:location}/bin:${pkgconfig:location}/bin:${xz-utils:location}/bin:${libpng:location}/bin%(PATH)s
PKG_CONFIG_PATH=${:pkg_config_depends}
CFLAGS=-I${gettext:location}/include
LDFLAGS=-L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib -Wl,-rpath=${glib:location}/lib -Wl,-rpath=${jbigkit:location}/lib -Wl,-rpath=${libtiff:location}/lib -Wl,-rpath=${libjpeg:location}/lib -Wl,-rpath=${libpng:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=@@LOCATION@@/lib
......@@ -107,7 +108,7 @@ md5sum = 4dcea15cbf166706c166fc4fee05e3f8
configure-command = ${meson:location}/bin/meson builddir --wrap-mode=nodownload --libdir=lib -Dprefix=@@LOCATION@@ -Ddocs=false -Dintrospection=false
make-binary = ninja -C builddir
environment =
PATH=${glib:location}/bin:${ninja:location}/bin:${pkgconfig:location}/bin:${xz-utils:location}/bin:%(PATH)s
PATH=${glib:location}/bin:${python3:location}/bin:${ninja:location}/bin:${pkgconfig:location}/bin:${xz-utils:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${glib:location}/lib/pkgconfig:${glib:pkg_config_depends}
CFLAGS=-I${gettext:location}/include
LDFLAGS=-L${gettext:location}/lib -lintl -Wl,-rpath=${gettext:location}/lib -Wl,-rpath=${glib:location}/lib
......@@ -127,7 +128,7 @@ configure-options =
--disable-xinerama
--disable-gtk-doc-html
environment =
PATH=${gdk-pixbuf:location}/bin:${glib:location}/bin:${perl:location}/bin:${pkgconfig:location}/bin:${xz-utils:location}/bin:%(PATH)s
PATH=${python3:location}/bin:${gdk-pixbuf:location}/bin:${glib:location}/bin:${perl:location}/bin:${pkgconfig:location}/bin:${xz-utils:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${:pkg_config_depends}
# not taken from pkg-config result...
CPPFLAGS=-I${gettext:location}/include -I${libX11:location}/include/ -I${xproto:location}/include -I${xorgproto:location}/include -I${libXrender:location}/include -I${renderext:location}/include -I${libXext:location}/include
......
......@@ -11,6 +11,7 @@ extends =
../meson/buildout.cfg
../nodejs/buildout.cfg
../ninja/buildout.cfg
../python3/buildout.cfg
../xorg/buildout.cfg
[at-spi2-core]
......@@ -21,7 +22,7 @@ md5sum = 3da5fe62a653e49dad1c47f9a46fee56
configure-options =
--disable-gtk-doc-html
environment =
PATH=${dbus:location}/bin:${gettext:location}/bin:${glib:location}/bin:${intltool:location}/bin:${perl-XML-Parser:perl-PATH}:${pkgconfig:location}/bin:${xz-utils:location}/bin:%(PATH)s
PATH=${dbus:location}/bin:${gettext:location}/bin:${glib:location}/bin:${intltool:location}/bin:${perl-XML-Parser:perl-PATH}:${pkgconfig:location}/bin:${xz-utils:location}/bin:${python3:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${dbus:location}/lib/pkgconfig:${glib:location}/lib/pkgconfig:${glib:pkg_config_depends}
CPPFLAGS=-I${inputproto:location}/include -I${xorgproto:location}/include -I${libX11:location}/include -I${libXi:location}/include -I${libXtst:location}/include -I${xextproto:location}/include -I${xproto:location}/include
LDFLAGS=-L${libX11:location}/lib -Wl,-rpath=${libX11:location}/lib -L${libXi:location}/lib -Wl,-rpath=${libXi:location}/lib -L${libXtst:location}/lib -Wl,-rpath=${libXtst:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=${glib:location}/lib
......@@ -68,7 +69,7 @@ configure-options =
--enable-xcomposite
--enable-xdamage
environment =
PATH=${gdk-pixbuf:location}/bin:${gettext:location}/bin:${glib:location}/bin:${perl:location}/bin:${pkgconfig:location}/bin:${xz-utils:location}/bin:%(PATH)s
PATH=${gdk-pixbuf:location}/bin:${gettext:location}/bin:${glib:location}/bin:${perl:location}/bin:${pkgconfig:location}/bin:${xz-utils:location}/bin:${python3:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${:pkg_config_depends}
# not taken from pkg-config result...
CPPFLAGS=-I${cairo:location}/include -I${inputproto:location}/include -I${libX11:location}/include -I${libXi:location}/include -I${xproto:location}/include -I${xorgproto:location}/include -I${libXrender:location}/include -I${renderext:location}/include -I${libXext:location}/include -I${libX11:location}/include -I${libXinerama:location}/include -I${gdk-pixbuf:location}/include -I${libXrandr:location}/include -I${xfixes:location}/include -I${libXcomposite:location}/include -I${xdamage:location}/include
......
......@@ -25,16 +25,21 @@ extends =
[imagemagick]
recipe = slapos.recipe.cmmi
shared = true
version = 7.0.2-10
version = 7.1.1-20
url = https://www.imagemagick.org/download/releases/ImageMagick-${:version}.tar.xz
md5sum = e1cb23d9c10a8eff228ef30ee281711a
pkg_config_depends = ${fontconfig:location}/lib/pkgconfig:${fontconfig:pkg_config_depends}:${lcms2:location}/lib/pkgconfig:${xz-utils:location}/lib/pkgconfig
md5sum = 4ce5c6854c1f8ab6ce5571a9377b1f2f
pkg_config_depends = ${fontconfig:location}/lib/pkgconfig:${fontconfig:pkg_config_depends}:${lcms2:location}/lib/pkgconfig:${libtiff:location}/lib/pkgconfig:${xz-utils:location}/lib/pkgconfig
# Change export-filename to export-png for inkscape < 1.0
pre-configure =
sed -i -e 's,--export-filename=,--export-png=,' config/delegates.xml.in
configure-options =
--disable-static
--without-x
--with-frozenpaths
--with-magick-plus-plus
--disable-openmp
--disable-opencl
--without-dmr
--without-dps
--without-djvu
--without-fftw
......@@ -43,6 +48,8 @@ configure-options =
--with-fontconfig
--without-gslib
--without-gvc
--without-heic
--without-jxl
--with-lcms
--without-openjp2
--without-lqr
......@@ -50,17 +57,21 @@ configure-options =
--without-openexr
--without-pango
--without-raqm
--without-raw
--without-rsvg
--without-webp
--without-wmf
--without-zip
--without-zstd
--with-bzlib=${bzip2:location}
--with-zlib=${zlib:location}
--with-frozenpaths
patch-options = -p1
patches =
${:_profile_base_location_}/imagemagick-7.0.2-10-no-gsx-gsc-probe.patch#64898455d5175efedd1a7bef9f1f18b5
${:_profile_base_location_}/safe_policy.patch#383c0392de7257c9dff7270973342914
${:_profile_base_location_}/imagemagick-7.1.1-20-no-gsx-gsc-probe.patch#98762d1977e5bce2e12954818a671eb9
${:_profile_base_location_}/safe_policy.patch#0226c51e276f397b5900815c17dcf117
environment =
PATH=${freetype:location}/bin:${ghostscript:location}/bin:${inkscape:location}/bin:${libxml2:location}/bin:${patch:location}/bin:${pkgconfig:location}/bin:${xz-utils:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${:pkg_config_depends}
CPPFLAGS=-I${bzip2:location}/include -I${zlib:location}/include -I${jbigkit:location}/include -I${libjpeg:location}/include -I${libtiff:location}/include -I${libtool:location}/include -I${libpng:location}/include -I${jasper:location}/include -I${freetype:location}/include
LDFLAGS=-L${bzip2:location}/lib -Wl,-rpath=${bzip2:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${jbigkit:location}/lib -Wl,-rpath=${jbigkit:location}/lib -L${libjpeg:location}/lib -Wl,-rpath=${libjpeg:location}/lib -L${libtiff:location}/lib -Wl,-rpath=${libtiff:location}/lib -L${libtool:location}/lib -Wl,-rpath=${libtool:location}/lib -L${libpng:location}/lib -Wl,-rpath=${libpng:location}/lib -L${jasper:location}/lib -Wl,-rpath=${jasper:location}/lib -L${freetype:location}/lib -Wl,-rpath=${freetype:location}/lib
CPPFLAGS=-I${bzip2:location}/include -I${zlib:location}/include -I${jbigkit:location}/include -I${libjpeg:location}/include -I${libtool:location}/include -I${libpng:location}/include -I${jasper:location}/include -I${freetype:location}/include
LDFLAGS=-L${bzip2:location}/lib -Wl,-rpath=${bzip2:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib -L${jbigkit:location}/lib -Wl,-rpath=${jbigkit:location}/lib -L${libjpeg:location}/lib -Wl,-rpath=${libjpeg:location}/lib -L${libtool:location}/lib -Wl,-rpath=${libtool:location}/lib -L${libpng:location}/lib -Wl,-rpath=${libpng:location}/lib -L${jasper:location}/lib -Wl,-rpath=${jasper:location}/lib -L${freetype:location}/lib -Wl,-rpath=${freetype:location}/lib
--- ImageMagick-7.0.2-10/configure.ac.orig 2016-08-30 11:33:39.160279386 +0200
+++ ImageMagick-7.0.2-10/configure.ac 2016-08-30 11:35:34.753290590 +0200
@@ -3110,7 +3110,7 @@
AC_PATH_PROG(MrSIDDecodeDelegate, "$MrSIDDecodeDelegateDefault", "$MrSIDDecodeDelegateDefault")
AC_PATH_PROG(MVDelegate, "$MVDelegateDefault", "$MVDelegateDefault")
AC_PATH_PROG(PCLDelegate, "$PCLDelegateDefault", "$PCLDelegateDefault")
-AC_PATH_PROGS(PSDelegate, gsx gsc "$PSDelegateDefault", "$PSDelegateDefault")
+AC_PATH_PROGS(PSDelegate, "$PSDelegateDefault", "$PSDelegateDefault")
AC_PATH_PROG(RMDelegate, "$RMDelegateDefault", "$RMDelegateDefault")
AC_PATH_PROG(RSVGDecodeDelegate, "$RSVGDecodeDelegateDefault", "$RSVGDecodeDelegateDefault")
AC_PATH_PROG(SVGDecodeDelegate, "$SVGDecodeDelegateDefault", "$SVGDecodeDelegateDefault")
--- ImageMagick-7.1.1-20/configure.ac.orig 2023-10-08 23:05:13.000000000 +0200
+++ ImageMagick-7.1.1-20/configure.ac 2023-10-10 09:22:13.287693848 +0200
@@ -3317,7 +3317,7 @@
AC_PATH_PROG([MrSIDDecodeDelegate],["$MrSIDDecodeDelegateDefault"],["$MrSIDDecodeDelegateDefault"])
AC_PATH_PROG([MVDelegate],["$MVDelegateDefault"],["$MVDelegateDefault"])
AC_PATH_PROG([PCLDelegate],["$PCLDelegateDefault"],["$PCLDelegateDefault"])
-AC_PATH_PROGS([PSDelegate],[gsx gsc "$PSDelegateDefault"],["$PSDelegateDefault"])
+AC_PATH_PROGS([PSDelegate],["$PSDelegateDefault"],["$PSDelegateDefault"])
AC_PATH_PROG([RMDelegate],["$RMDelegateDefault"],["$RMDelegateDefault"])
AC_PATH_PROG([RSVGDecodeDelegate],["$RSVGDecodeDelegateDefault"],["$RSVGDecodeDelegateDefault"])
AC_PATH_PROG([SVGDecodeDelegate],["$SVGDecodeDelegateDefault"],["$SVGDecodeDelegateDefault"])
--- ImageMagick-7.0.2-10/config/policy.xml.orig 2016-08-30 11:37:29.110253211 +0200
+++ ImageMagick-7.0.2-10/config/policy.xml 2016-08-30 11:40:09.719555899 +0200
@@ -50,19 +50,28 @@
-->
--- ImageMagick-7.1.1-20.orig/config/policy-open.xml 2023-10-08 23:05:13.000000000 +0200
+++ ImageMagick-7.1.1-20/config/policy-open.xml 2023-10-10 18:29:06.846344247 +0200
@@ -84,41 +84,41 @@
<policymap>
<!-- <policy domain="resource" name="temporary-path" value="/tmp"/> -->
- <!-- <policy domain="resource" name="memory" value="2GiB"/> -->
- <!-- <policy domain="resource" name="map" value="4GiB"/> -->
- <!-- <policy domain="resource" name="width" value="10MP"/> -->
- <!-- <policy domain="resource" name="height" value="10MP"/> -->
- <!-- <policy domain="resource" name="area" value="1GB"/> -->
- <!-- <policy domain="resource" name="disk" value="16EB"/> -->
<policy domain="Undefined" rights="none"/>
<!-- Set maximum parallel threads. -->
- <!-- <policy domain="resource" name="thread" value="2"/> -->
+ <policy domain="resource" name="thread" value="2"/>
<!-- Set maximum time in seconds. When this limit is exceeded, an exception
is thrown and processing stops. -->
- <!-- <policy domain="resource" name="time" value="120"/> -->
+ <policy domain="resource" name="time" value="120"/>
<!-- Set maximum number of open pixel cache files. When this limit is
exceeded, any subsequent pixels cached to disk are closed and reopened
on demand. -->
- <!-- <policy domain="resource" name="file" value="768"/> -->
- <!-- <policy domain="resource" name="thread" value="4"/> -->
- <!-- <policy domain="resource" name="throttle" value="0"/> -->
- <!-- <policy domain="resource" name="time" value="3600"/> -->
- <!-- <policy domain="system" name="precision" value="6"/> -->
- <!-- <policy domain="coder" rights="none" pattern="MVG" /> -->
- <!-- <policy domain="delegate" rights="none" pattern="HTTPS" /> -->
- <!-- <policy domain="path" rights="none" pattern="@*" /> -->
+ <policy domain="resource" name="memory" value="2GiB"/>
+ <policy domain="resource" name="map" value="4GiB"/>
+ <policy domain="resource" name="width" value="10MP"/>
+ <policy domain="resource" name="height" value="10MP"/>
+ <policy domain="resource" name="area" value="1GB"/>
+ <policy domain="resource" name="disk" value="16EB"/>
+ <policy domain="resource" name="file" value="768"/>
+ <policy domain="resource" name="thread" value="4"/>
+ <policy domain="resource" name="throttle" value="0"/>
+ <policy domain="resource" name="time" value="3600"/>
+ <policy domain="system" name="precision" value="6"/>
+ <policy domain="coder" rights="none" pattern="MVG" />
+ <policy domain="delegate" rights="none" pattern="HTTPS" />
+ <policy domain="path" rights="none" pattern="@*" />
<policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/>
+ <policy domain="coder" rights="none" pattern="EPHEMERAL" />
+ <policy domain="coder" rights="none" pattern="HTTPS" />
+ <policy domain="coder" rights="none" pattern="MSL" />
+ <policy domain="coder" rights="none" pattern="MVG" />
+ <policy domain="coder" rights="none" pattern="PLT" />
+ <policy domain="coder" rights="none" pattern="SHOW" />
+ <policy domain="coder" rights="none" pattern="TEXT" />
+ <policy domain="coder" rights="none" pattern="URL" />
+ <policy domain="coder" rights="none" pattern="WIN" />
<!-- Set maximum amount of memory in bytes to allocate for the pixel cache
from the heap. When this limit is exceeded, the image pixels are cached
to memory-mapped disk. -->
- <!-- <policy domain="resource" name="memory" value="256MiB"/> -->
+ <policy domain="resource" name="memory" value="256MiB"/>
<!-- Set maximum amount of memory map in bytes to allocate for the pixel
cache. When this limit is exceeded, the image pixels are cached to
disk. -->
- <!-- <policy domain="resource" name="map" value="512MiB"/> -->
+ <policy domain="resource" name="map" value="512MiB"/>
<!-- Set the maximum width * height of an image that can reside in the pixel
cache memory. Images that exceed the area limit are cached to disk. -->
- <!-- <policy domain="resource" name="area" value="16KP"/> -->
+ <policy domain="resource" name="area" value="16KP"/>
<!-- Set maximum amount of disk space in bytes permitted for use by the pixel
cache. When this limit is exceeded, the pixel cache is not be created
and an exception is thrown. -->
- <!-- <policy domain="resource" name="disk" value="1GiB"/> -->
+ <policy domain="resource" name="disk" value="1GiB"/>
<!-- Set the maximum length of an image sequence. When this limit is
exceeded, an exception is thrown. -->
- <!-- <policy domain="resource" name="list-length" value="32"/> -->
+ <policy domain="resource" name="list-length" value="32"/>
<!-- Set the maximum width of an image. When this limit is exceeded, an
exception is thrown. -->
- <!-- <policy domain="resource" name="width" value="8KP"/> -->
+ <policy domain="resource" name="width" value="8KP"/>
<!-- Set the maximum height of an image. When this limit is exceeded, an
exception is thrown. -->
- <!-- <policy domain="resource" name="height" value="8KP"/> -->
+ <policy domain="resource" name="height" value="8KP"/>
<!-- Periodically yield the CPU for at least the time specified in
milliseconds. -->
- <!-- <policy domain="resource" name="throttle" value="2"/> -->
+ <policy domain="resource" name="throttle" value="2"/>
<!-- Do not create temporary files in the default shared directories, instead
specify a private area to store only ImageMagick temporary files. -->
<!-- <policy domain="resource" name="temporary-path" value="/magick/tmp/"/> -->
@@ -138,7 +138,7 @@
<!-- don't read sensitive paths. -->
<!-- <policy domain="path" rights="none" pattern="/etc/*"/> -->
<!-- Indirect reads are not permitted. -->
- <!-- <policy domain="path" rights="none" pattern="@*"/> -->
+ <policy domain="path" rights="none" pattern="@*"/>
<!-- These image types are security risks on read, but write is fine -->
<!-- <policy domain="module" rights="write" pattern="{MSL,MVG,PS,SVG,URL,XPS}"/> -->
<!-- This policy sets the number of times to replace content of certain
@@ -150,4 +150,5 @@
<!-- Set the maximum amount of memory in bytes that are permitted for
allocation requests. -->
<!-- <policy domain="system" name="max-memory-request" value="256MiB"/> -->
+ <policy domain="coder" rights="none" pattern="{EPHEMERAL,HTTPS,MSL,MVG,PLT,SHOW,TEXT,URL,WIN}" />
</policymap>
......@@ -20,10 +20,11 @@ extends =
../patch/buildout.cfg
../perl/buildout.cfg
../pkgconfig/buildout.cfg
../python3/buildout.cfg
../popt/buildout.cfg
../xorg/buildout.cfg
../zlib/buildout.cfg
# Inkscape < 1.1 only supports python2 and old gcc
# Inkscape < 1.1 only supports old gcc and needs python2 (and python3)
../python-2.7/buildout.cfg
../defaults.cfg
......@@ -58,7 +59,7 @@ configure-options =
-DWITH_LIBVISIO=OFF
-DWITH_LIBWPG=OFF
environment =
PATH=${cmake:location}/bin:${freetype:location}/bin:${gdk-pixbuf:location}/bin:${gettext:location}/bin:${glib:location}/bin:${intltool:location}/bin:${libxml2:location}/bin:${pango:location}/bin:${perl:location}/bin:${pkgconfig:location}/bin:${python2.7:location}/bin:%(PATH)s
PATH=${cmake:location}/bin:${freetype:location}/bin:${gdk-pixbuf:location}/bin:${gettext:location}/bin:${glib:location}/bin:${intltool:location}/bin:${libxml2:location}/bin:${pango:location}/bin:${perl:location}/bin:${pkgconfig:location}/bin:${python3:location}/bin:${python2.7:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${:pkg_config_depends}
CMAKE_INCLUDE_PATH=${boost-lib:location}/include:${freetype:location}/include:${garbage-collector:location}/include:${libjpeg:location}/include:${lcms2:location}/include:${libpng:location}/include:${zlib:location}/include
CMAKE_LIBRARY_PATH=${boost-lib:location}/lib:${freetype:location}/lib:${garbage-collector:location}/lib:${lcms2:location}/lib:${libjpeg:location}/lib:${libpng:location}/lib:${zlib:location}/lib
......
# jsl - command line javascript lint
# http://javascriptlint.com/
[buildout]
parts = jsl
[jsl]
recipe = slapos.recipe.build
url = https://src.fedoraproject.org/repo/pkgs/rpms/jsl/jsl-0.3.0-src.tar.gz/${:md5sum}/jsl-0.3.0-src.tar.gz
md5sum = 2b94ffa4fab07acabe0c5e73cd49bcdf
init =
import os
# Bypass slapos gcc if any because slapos ld can't find -lm (why?).
self.path = os.environ['PATH']
install =
import os
import sys
url = options['url']
md5sum = options['md5sum']
extract_dir = self.extract(self.download(url, md5sum))
workdir = guessworkdir(extract_dir)
call(('make', '-f', 'Makefile.ref', '-j1', 'DIST=' + location, 'all', 'export'),
cwd=os.path.join(workdir, 'src'), env=dict(os.environ, PATH=self.path))
......@@ -22,7 +22,7 @@ configure-options =
--disable-webp
patch-options = -p1
patches =
${:_profile_base_location_}/debian_4.2.0-1+deb11u3.patch#d4396255ca214694501f4a44e8e685c6
${:_profile_base_location_}/debian_4.2.0-1+deb11u4.patch#88940ccaedc6337b8ee1577fbffb9e2e
environment =
CPPFLAGS=-I${libjpeg:location}/include -I${jbigkit:location}/include -I${zlib:location}/include
LDFLAGS=-L${libjpeg:location}/lib -Wl,-rpath=${libjpeg:location}/lib -L${jbigkit:location}/lib -Wl,-rpath=${jbigkit:location}/lib -L${zlib:location}/lib -Wl,-rpath=${zlib:location}/lib
......
[buildout]
parts = lynx
[lynx]
recipe = slapos.recipe.cmmi
md5sum = 124253e635f7c76bdffc47b9d036c812
url = http://lynx.isc.org/lynx2.8.7/lynx2.8.7.tar.gz
......@@ -8,8 +8,8 @@ extends =
[ngtcp2]
recipe = slapos.recipe.cmmi
shared = true
url = https://github.com/ngtcp2/ngtcp2/archive/refs/tags/v0.13.1.tar.gz
md5sum = 52a58aadbaf195cebff0289adda0e8db
url = https://github.com/ngtcp2/ngtcp2/archive/refs/tags/v0.19.1.tar.gz
md5sum = 52da88163ad1929496f7ed13943c03b4
pre-configure =
autoreconf -fisv -I ${libtool:location}/share/aclocal -I ${pkgconfig:location}/share/aclocal
automake
......
......@@ -12,13 +12,25 @@ extends =
parts =
nodejs
[nodejs]
<= nodejs-16.19.0
# nodejs 16 needs gcc > 8.3
# nodejs >= 16 needs gcc >= 8.3
[gcc]
min_version = 8.3
[nodejs]
<= nodejs-18.18.0
[nodejs-headers]
<= nodejs-headers-18.18.0
[node-gyp-environment]
# environment section to build with node-gyp.
# node-gyp downloads a tarball containing nodejs headers by default
# this uses a locally downloaded tarball, for reproductibility.
npm_config_tarball = ${nodejs-headers:target}
[nodejs-16.19.0]
<= nodejs-base
openssl_location = ${openssl:location}
......@@ -38,6 +50,18 @@ post-install =
version = v16.19.0
md5sum = e7bfbf135ae54d1dcca63bf17be84818
[nodejs-18.18.0]
<= nodejs-base
openssl_location = ${openssl:location}
version = v18.18.0
md5sum = a1ce8df7e6b9df9f4ba3ff1d4e2173d2
[nodejs-headers-18.18.0]
<= nodejs-headers-base
version = v18.18.0
md5sum = c5ab3e98977dfd639d830625d79eff52
[nodejs-14.16.0]
<= nodejs-base
openssl_location = ${openssl:location}
......@@ -57,11 +81,6 @@ version = v8.9.4
md5sum = 4ddc1daff327d7e6f63da57fdfc24f55
PATH = ${pkgconfig:location}/bin:${python2.7:location}/bin:%(PATH)s
[nodejs-8.6.0]
<= nodejs-base
version = v8.6.0
md5sum = 0c95e08220667d8a18b97ecec8218ac6
PATH = ${pkgconfig:location}/bin:${python2.7:location}/bin:%(PATH)s
[nodejs-8.12.0]
<= nodejs-base
......
[buildout]
parts = nullmailer
[nullmailer]
recipe = slapos.recipe.cmmi
url = http://untroubled.org/nullmailer/nullmailer-1.05.tar.gz
md5sum = 35124cc05f893efba1310e2ec7c876ff
......@@ -5,6 +5,7 @@ parts = open62541
extends =
../cmake/buildout.cfg
../patch/buildout.cfg
../python3/buildout.cfg
../defaults.cfg
[gcc]
......@@ -30,4 +31,4 @@ configure-options =
post-install =
cp src/pubsub/*.h deps/open62541_queue.h @@LOCATION@@/include
environement =
PATH=${patch:location}/bin:%(PATH)s
PATH=${python3:location}/bin:${patch:location}/bin:%(PATH)s
......@@ -4,6 +4,9 @@ extends =
../java-jdk/buildout.cfg
../cmake/buildout.cfg
../libjpeg/buildout.cfg
../python-2.7/buildout.cfg
../python3/buildout.cfg
../defaults.cfg
parts =
opencv
......@@ -57,7 +60,7 @@ post-install =
cp build/lib/libopencv_java430.so @@LOCATION@@/lib
cp build/bin/opencv-430.jar @@LOCATION@@/bin
environment =
PATH=${cmake:location}/bin:${pkgconfig:location}/bin:%(PATH)s
PATH=${python3:location}/bin/:${python2.7:location}/bin/:${cmake:location}/bin:${pkgconfig:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${zlib:location}/lib/pkgconfig:${libpng:location}/lib/pkgconfig:${libjpeg-turbo2:location}/lib/pkgconfig
JAVA_HOME=${java-jdk:location}
JRE_HOME=${java-re:location}
......
......@@ -17,8 +17,8 @@ parts =
[openssl]
recipe = slapos.recipe.cmmi
shared = true
url = https://www.openssl.org/source/openssl-1.1.1v.tar.gz
md5sum = 9edcfdd9b96523df82b312c404f4b169
url = https://www.openssl.org/source/openssl-1.1.1w.tar.gz
md5sum = 3f76825f195e52d4b10c70040681a275
location = @@LOCATION@@
# 'prefix' option to override --openssldir/--prefix (which is useful
# when combined with DESTDIR). Used by slapos.package.git/obs
......@@ -48,8 +48,10 @@ environment =
[openssl-quictls]
<= openssl
url = https://github.com/quictls/openssl/archive/refs/tags/OpenSSL_1_1_1v-quic1.tar.gz
md5sum = 4b0e4a81590644a027b78a54c26a75e2
# XXX tag missing for 1.1.1w
# url = https://github.com/quictls/openssl/archive/refs/tags/OpenSSL_1_1_1w-quic1.tar.gz
url = https://github.com/quictls/openssl/archive/612d8e44d687e4b71c4724319d7aa27a733bcbca.tar.gz
md5sum =4a06f8b195e817c8a0d94ebdbc7c7bb7
[openssl-output]
# Shared binary location to ease migration
......
[buildout]
parts =
pole
[pole]
recipe = slapos.recipe.cmmi
location = ${buildout:parts-directory}/${:_buildout_section_name_}
url = https://bitbucket.org/dimin/pole/get/c15e513.tar.gz
md5sum = 691a5d80863df868804c5a9defa0c8a6
configure-command = true
make-binary =
make-options =
make-targets = true
post-install =
set -x
mkdir bin
cd pole
g++ -o ../bin/poledump pole.cpp poledump.cpp
mv ../bin '${:location}'
[buildout]
parts =
pytracemalloc
[pytracemalloc]
recipe = zc.recipe.egg:custom
find-links = https://github.com/vstinner/pytracemalloc/archive/refs/tags/pytracemalloc-1.2.tar.gz
egg = pytracemalloc
......@@ -3,8 +3,8 @@ parts =
rpm2cpio
[rpm2cpio]
# https://github.com/ruda/rpm2cpio
# https://github.com/yuseitahara/rpm2cpio
recipe = slapos.recipe.build:download
shared = true
url = https://raw.githubusercontent.com/ruda/rpm2cpio/5afad4b65e4661a771db6f728abefe2c1e84b9ae/rpm2cpio.py
md5sum = 1cb52f9030304c2b7625657b2ef2379e
url = https://raw.githubusercontent.com/yuseitahara/rpm2cpio/68501e007adefc65a147a805d214082ee09b460b/rpm2cpio.py
md5sum = 744f200d8bd1652791638133ff91b40f
[buildout]
parts = sheepstrike
[sheepstrike]
recipe = slapos.recipe.cmmi
url = https://gitorious.org/sheepstrike/sheepstrike/archive-tarball/0.1
md5sum = 2c5009eb7c32d7ba5d270d0b88d7e5ab
prefix = ${buildout:parts-directory}/${:_buildout_section_name_}
configure-options = --prefix=${:prefix}
configure-command =
./bootstrap
./configure
......@@ -39,6 +39,7 @@ environment =
PATH=${nodejs:location}/bin:${pkgconfig:location}/bin:${python3:location}/bin:%(PATH)s
PKG_CONFIG_PATH=${libsecret:location}/lib/pkgconfig:${libsecret:pkg_config_depends}
LDFLAGS=-Wl,-rpath=${libsecret:location}/lib -L${gettext:location}/lib -Wl,-rpath=${gettext:location}/lib -Wl,-rpath=${glib:location}/lib
npm_config_tarball=${node-gyp-environment:npm_config_tarball}
NODE_OPTIONS=--max_old_space_size=4096
pre-configure =
mkdir -p $TMPDIR
......@@ -71,6 +72,7 @@ post-install =
# and anyway not used once the software is installed
rm -f %(location)s/node_modules/@msgpackr-extract/*/*.node
rm -rf $HOME/.cache/yarn/
rm -rf $HOME/.cache/puppeteer/
# remove "which" command added in $PATH that does not correctly
# handle executables thanks to a secondary group of the user.
# https://www.npmjs.com/package/which https://www.npmjs.com/package/isexe
......@@ -179,6 +181,7 @@ content =
"@theia/mini-browser": "latest",
"@theia/monaco": "latest",
"@theia/navigator": "latest",
"@theia/notebook": "latest",
"@theia/outline-view": "latest",
"@theia/output": "latest",
"@theia/plugin-dev": "latest",
......@@ -191,9 +194,11 @@ content =
"@theia/scm": "latest",
"@theia/scm-extra": "latest",
"@theia/search-in-workspace": "latest",
"@theia/secondary-window": "latest",
"@theia/task": "latest",
"@theia/terminal": "latest",
"@theia/timeline": "latest",
"@theia/toolbar": "latest",
"@theia/typehierarchy": "latest",
"@theia/userstorage": "latest",
"@theia/variable-resolver": "latest",
......
......@@ -15,11 +15,11 @@
[preloadTemplate.html]
_update_hash_filename_ = preloadTemplate.html
md5sum = 6343592161a349bb40e0de16ce67aa51
md5sum = a27e2cb34e4efe2ed0d4698f505554f0
[yarn.lock]
_update_hash_filename_ = yarn.lock
md5sum = 6435aaf48cbbfe7911505c2c45cc53ea
md5sum = bb7444ebfeea21fed1960700aa6becf9
[ms-python-disable-jedi-buildout.patch]
_update_hash_filename_ = ms-python-disable-jedi-buildout.patch
......
This diff is collapsed.
......@@ -49,9 +49,7 @@ for plugin_and_version in '''\
vscode/lua/latest
vscode/make/latest
vscode/markdown/latest
# Activating extension 'Markdown Language Features (built-in)' failed:
# i.workspace.onWillDropOnTextEditor is not a function
vscode/markdown-language-features/1.64.2
vscode/markdown-language-features/latest
vscode/merge-conflict/latest
vscode/npm/latest
ms-vscode/node-debug/latest
......
......@@ -7,6 +7,7 @@
link = document.createElement('link');
link.rel = "manifest";
link.href = "/theia.webmanifest";
link.crossOrigin = "use-credentials";
document.head.appendChild(link);
if ('serviceWorker' in navigator) {
......
This diff is collapsed.
......@@ -24,8 +24,8 @@ min_version = 8
[trafficserver]
recipe = slapos.recipe.cmmi
url = https://dlcdn.apache.org/trafficserver/trafficserver-9.2.0.tar.bz2
md5sum = 3188d53f0a2eb618fb9399e098161691
url = https://dlcdn.apache.org/trafficserver/trafficserver-9.2.2.tar.bz2
md5sum = 994247ed0f50e6dfcfb8d7200dcad6ea
shared = true
patch-options = -p1
configure-options =
......
......@@ -165,8 +165,8 @@ environment =
[libX11]
recipe = slapos.recipe.cmmi
shared = true
url = https://www.x.org/releases/individual/lib/libX11-1.8.6.tar.gz
md5sum = 9767ee0c5819e35142835da61b923421
url = https://www.x.org/releases/individual/lib/libX11-1.8.7.tar.gz
md5sum = feb9664ce36111923c0be0b292f6e15b
pkg_config_depends = ${inputproto:location}/lib/pkgconfig:${xorgproto:location}/share/pkgconfig:${libXau:location}/lib/pkgconfig:${libxcb:location}/lib/pkgconfig:${xextproto:location}/lib/pkgconfig:${xorg-libpthread-stubs:location}/lib/pkgconfig:${xorg-util-macros:location}/share/pkgconfig:${xtrans:location}/share/pkgconfig
configure-options =
--disable-static
......
[buildout]
extends =
../libtool/buildout.cfg
../util-linux/buildout.cfg
[zeromq]
<= zeromq3
[zeromq3]
recipe = slapos.recipe.cmmi
url = http://download.zeromq.org/zeromq-3.2.3.tar.gz
md5sum = 1abf8246363249baf5931a065ee38203
configure-options = --without-documentation
environment =
PATH=${libtool:location}/bin:%(PATH)s
LDFLAGS=-L${libtool:location}/lib -Wl,-rpath -Wl,${libtool:location}/lib -L${libuuid:location}/lib -Wl,-rpath -Wl,${libuuid:location}/lib
[zeromq2]
recipe = slapos.recipe.cmmi
url = http://download.zeromq.org/zeromq-2.2.0.tar.gz
md5sum = 1b11aae09b19d18276d0717b2ea288f6
configure-options =
--without-documentation
environment =
PATH=${libtool:location}/bin:%(PATH)s
CXXFLAGS=-I${libuuid:location}/include
LDFLAGS=-L${libtool:location}/lib -Wl,-rpath -Wl,${libtool:location}/lib -L${libuuid:location}/lib -Wl,-rpath -Wl,${libuuid:location}/lib
......@@ -91,7 +91,6 @@ setup(name=name,
'copyfilelist = slapos.recipe.copyfilelist:Recipe',
'cron = slapos.recipe.dcron:Recipe',
'cron.d = slapos.recipe.dcron:Part',
'davstorage = slapos.recipe.davstorage:Recipe',
'dropbear = slapos.recipe.dropbear:Recipe',
'dropbear.add_authorized_key = slapos.recipe.dropbear:AddAuthorizedKey',
'dropbear.client = slapos.recipe.dropbear:Client',
......
##############################################################################
#
# Copyright (c) 2010 Vifib SARL and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
import subprocess
from six.moves import http_client as httplib
import base64
import os
import shutil
from slapos.recipe.librecipe import GenericBaseRecipe
class Recipe(GenericBaseRecipe):
def _options(self, options):
options['password'] = self.generatePassword()
def install(self):
path_list = []
htpasswd_file = self.options['htpasswd-file']
# Create or empty the file
open(htpasswd_file, 'w').close()
path_list.append(htpasswd_file)
user = self.options['user']
password = self.options['password']
subprocess.check_call([self.options['apache-htpasswd'],
'-bc', htpasswd_file,
user, password
])
htdocs_location = self.options['htdocs']
if not (os.path.exists(htdocs_location) and os.listdir(htdocs_location)):
try:
os.rmdir(htdocs_location)
except:
pass
shutil.copytree(self.options['source'], htdocs_location)
# Install php.ini
php_ini = self.createFile(os.path.join(self.options['php-ini-dir'],
'php.ini'),
self.substituteTemplate(self.getTemplateFilename('php.ini.in'),
dict(tmp_directory=self.options['tmp-dir']))
)
path_list.append(php_ini)
apache_config = dict(
pid_file=self.options['pid-file'],
lock_file=self.options['lock-file'],
davlock_db=self.options['davdb-lock'],
ip=self.options['ip'],
port_webdav=self.options['port_webdav'],
port_ajax=self.options['port_ajax'],
error_log=self.options['error-log'],
access_log=self.options['access-log'],
document_root=self.options['htdocs'],
modules_dir=self.options['apache-modules-dir'],
mime_types=self.options['apache-mime-file'],
server_root=self.options['root'],
email_address=self.options['email-address'],
htpasswd_file=htpasswd_file,
ssl_certificate=self.options['cert-file'],
ssl_key=self.options['key-file'],
php_ini_dir=self.options['php-ini-dir']
)
# Create logfiles
for log in [self.options['error-log'], self.options['access-log']]:
open(log, 'a').close()
config_file = self.createFile(self.options['conf-file'],
self.substituteTemplate(self.getTemplateFilename('httpd.conf.in'),
apache_config)
)
path_list.append(config_file)
wrapper = self.createWrapper(self.options['wrapper'],
(self.options['apache-binary'], '-f', config_file, '-DFOREGROUND'))
path_list.append(wrapper)
promise = self.createPythonScript(self.options['promise'],
__name__ + '.promise',
(self.options['ip'], int(self.options['port_webdav']),
self.options['user'], self.options['password']))
path_list.append(promise)
return path_list
def promise(host, port, user, password):
connection = httplib.HTTPSConnection(host, port)
auth = base64.b64encode('%s:%s' % (user, password))
connection.request('OPTIONS', '/',
headers=dict(
Authorization='Basic %s' % auth,
)
)
connection.getresponse()
return 0
ServerRoot "%(server_root)s"
Listen [%(ip)s]:%(port_webdav)s
Listen [%(ip)s]:%(port_ajax)s
NameVirtualHost [%(ip)s]:%(port_webdav)s
NameVirtualHost [%(ip)s]:%(port_ajax)s
# Needed modules
LoadModule unixd_module "%(modules_dir)s/mod_unixd.so"
LoadModule access_compat_module "%(modules_dir)s/mod_access_compat.so"
LoadModule authn_core_module "%(modules_dir)s/mod_authn_core.so"
LoadModule authz_core_module "%(modules_dir)s/mod_authz_core.so"
LoadModule authn_file_module "%(modules_dir)s/mod_authn_file.so"
LoadModule authz_host_module "%(modules_dir)s/mod_authz_host.so"
LoadModule authz_user_module "%(modules_dir)s/mod_authz_user.so"
LoadModule auth_basic_module "%(modules_dir)s/mod_auth_basic.so"
# Comment auth_digest since we don't use it
#LoadModule auth_digest_module "%(modules_dir)s/mod_auth_digest.so"
LoadModule log_config_module "%(modules_dir)s/mod_log_config.so"
LoadModule headers_module "%(modules_dir)s/mod_headers.so"
LoadModule setenvif_module "%(modules_dir)s/mod_setenvif.so"
LoadModule socache_shmcb_module "%(modules_dir)s/mod_socache_shmcb.so"
LoadModule ssl_module "%(modules_dir)s/mod_ssl.so"
LoadModule mime_module "%(modules_dir)s/mod_mime.so"
LoadModule dav_module "%(modules_dir)s/mod_dav.so"
LoadModule dav_fs_module "%(modules_dir)s/mod_dav_fs.so"
LoadModule dir_module "%(modules_dir)s/mod_dir.so"
LoadModule php5_module "%(modules_dir)s/libphp5.so"
ServerAdmin %(email_address)s
# Quiet Server header (if not, Apache give its life history)
# It's safer
ServerTokens ProductOnly
PidFile "%(pid_file)s"
PHPINIDir "%(php_ini_dir)s"
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
<VirtualHost [%(ip)s]:%(port_ajax)s>
#ServerName www.example.com
# Directory protection
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory %(document_root)s>
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
DocumentRoot "%(document_root)s"
DirectoryIndex index.html index.php
SSLEngine on
SSLCertificateFile "%(ssl_certificate)s"
SSLCertificateKeyFile "%(ssl_key)s"
</VirtualHost>
<VirtualHost [%(ip)s]:%(port_webdav)s>
DocumentRoot "%(document_root)s"
DavLockDB "%(davlock_db)s"
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
<Directory %(document_root)s>
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
Dav On
# Security Rules to avoid DDoS Attacks
DavDepthInfinity Off
LimitXMLRequestBody 0
# Cross-Origin Resources Sharing
Header always set Access-Control-Max-Age "0"
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "OPTIONS, GET, HEAD, POST, PUT, DELETE, PROPFIND"
Header always set Access-Control-Allow-Headers "Content-Type, X-Requested-With, X-HTTP-Method-Override, Accept, Authorization, Depth"
SetEnvIf Origin "(.+)" ORIGIN=$1
Header always set Access-Control-Allow-Origin %%{ORIGIN}e
AuthType Basic
AuthName "WebDAV Storage"
AuthUserFile "%(htpasswd_file)s"
<LimitExcept OPTIONS>
Require valid-user
</LimitExcept>
</Directory>
SSLEngine on
SSLCertificateFile "%(ssl_certificate)s"
SSLCertificateKeyFile "%(ssl_key)s"
</VirtualHost>
ErrorLog "%(error_log)s"
LogLevel warn
LogFormat "%%h %%l %%u %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\"" combined
LogFormat "%%h %%l %%u %%t \"%%r\" %%>s %%b" common
CustomLog "%(access_log)s" common
DefaultType text/plain
TypesConfig "%(mime_types)s"
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-httpd-php .php .phtml .php5 .php4
AddType application/x-httpd-php-source .phps
[PHP]
engine = On
safe_mode = Off
expose_php = Off
error_reporting = E_ALL & ~(E_DEPRECATED|E_NOTICE|E_WARNING)
display_errors = On
display_startup_errors = Off
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
session.save_path = "%(tmp_directory)s"
session.auto_start = 0
date.timezone = Europe/Paris
file_uploads = On
upload_max_filesize = 8M
post_max_size = 8M
magic_quotes_gpc=Off
output_buffering=Off
......@@ -162,6 +162,9 @@ class TestOrderBuildPackingListSimulation(
zope_count = len(zope_memory_info_list)
# Database size
if self.isNEO():
root_fs_size = zeo_root_stats = 'N/A'
else:
root_fs = pathlib.Path(
self.getComputerPartitionPath('zodb')) / 'srv' / 'zodb' / 'root.fs'
root_fs_size = root_fs.stat().st_size
......@@ -255,6 +258,7 @@ class TestOrderBuildPackingListSimulation(
self.take_measurements(f"iteration_{i+1:03}")
# final measurements, take a "zodb analyze" snapshot
if not self.isNEO():
zodb_cmd = pathlib.Path(
self.computer_partition_root_path
) / 'software_release' / 'bin' / 'zodb'
......
......@@ -46,7 +46,7 @@ from slapos.testing.testcase import (
makeModuleSetUpAndTestCaseClass,
)
old_software_release_url = 'https://lab.nexedi.com/nexedi/slapos/raw/1.0.167.8/software/erp5/software.cfg'
old_software_release_url = 'https://lab.nexedi.com/nexedi/slapos/raw/1.0.167.9/software/erp5/software.cfg'
new_software_release_url = os.path.abspath(
os.path.join(os.path.dirname(__file__), '..', 'software.cfg'))
......
......@@ -19,7 +19,7 @@ md5sum = 7ab3b606972e1b338d28fc1374617835
[template-default]
_update_hash_filename_ = instance-default.cfg.in
md5sum = 698104b7c3694a69575c965c21629f87
md5sum = 89a7224c3dd9356bf262100816b67f73
[dovecot.jinja2.conf]
_update_hash_filename_ = dovecot.jinja2.conf
......
......@@ -147,6 +147,10 @@ recipe = slapos.recipe.template
output = ${directory:bin}/${:_buildout_section_name_}
inline =
#!/bin/sh
# If master.pid contains PID of any running process
# dovecot will refuse to run. Only the pidfile provided
# by wrapper recipe should be used
rm -f var/run/dovecot/master.pid
{{ dovecot_binary }} -F -c ${dovecot-conf:output}
[dovecot-service]
......@@ -170,6 +174,7 @@ recipe = slapos.recipe.template
output = ${directory:bin}/${:_buildout_section_name_}
inline =
#!/bin/sh
rm -f var/spool/postfix/pid/master.pid
${directory:usr-postfix}/libexec/postfix/master -c ${directory:etc-postfix}
[postfix-service]
......
[buildout]
extends =
buildout.hash.cfg
# LAMP stands for Linux, Apache, MySQL, PHP
../../stack/lamp/buildout.cfg
# "slapos" stack describes basic things needed for 99.9% of SlapOS Software
../../stack/slapos.cfg
../../component/diffutils/buildout.cfg
parts =
# Call installation of slapos.cookbook egg defined in stack/slapos.cfg (needed
# in 99,9% of Slapos Software Releases)
slapos-cookbook
# to create file instance.cfg of all instances
lamp-instance
# download bas
# inherited by modules that need to download files
[matomo-download]
recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/${:filename}
......@@ -24,12 +16,10 @@ url = ${:_profile_base_location_}/${:filename}
# download matomo
# The specific process of downloading and decompressing is defined in stack lamp
[application]
url = https://builds.matomo.org/matomo-4.7.1.zip
md5sum = 8d592676bc2c0d51363ad7b2caf171fe
url = https://builds.matomo.org/matomo-4.15.1.zip
md5sum = d7d2c4f94cb77af859d0cee8e9e0dbdb
archive-root = matomo
# give the location of the instance-matomo.cfg fil
# Without it the instance-matomo.cfg file will not be executed
[custom-application-deployment]
path = ${template-matomo-instance:output}
part-list = matomo-backup.sh matomo-backup-cron
......
......@@ -71,7 +71,7 @@ forcediphttpsadapter = 1.0.1
miniupnpc = 2.0.2
peewee = 3.14.4
python-whois = 0.7.3
future = 0.18.2
future = 0.18.3
# Build GCC with Fortran for OpenBLAS (scipy & numpy)
[gcc]
......
......@@ -57,6 +57,7 @@ eggs = neoppod[admin, ctl, master]
zope.testing
coverage
setproctitle
mock
adapter-egg =
${python-mysqlclient:egg}
PyMySQL
......
......@@ -2,7 +2,4 @@
extends = software.cfg
[ZODB]
major = 5
[neoppod]
eggs += mock
major = 4
......@@ -14,7 +14,7 @@
# not need these here).
[template-nextcloud-install.sh]
filename = nextcloud-install.sh.in
md5sum = 094c26b177fdde69b41d81b89bab542b
md5sum = 965cc84d4c8e39f06850fac361575647
[template-nextcloud-config.json]
filename = nextcloud-config.json.in
......@@ -22,4 +22,4 @@ md5sum = 6f42f0a8c5e5c0c657541a65c4d9ee57
[template-nextcloud-instance]
filename = nextcloud-instance.cfg.in
md5sum = e144dc4cdc3bd0a9be81ac0cc2cfdbd4
md5sum = a59b081bd39f61c7361fdb6c54fc2039
......@@ -134,8 +134,10 @@ EOF
php_cmd {{ parameter_dict['nextcloud'] }}/occ config:app:set richdocuments wopi_url --value="{{ parameter_dict.get('collabora-url', '') }}"
php_cmd {{ parameter_dict['nextcloud'] }}/occ config:app:set spreed stun_servers --value="[\"{{ parameter_dict['stun-server'] }}\"]"
php_cmd {{ parameter_dict['nextcloud'] }}/occ config:app:set spreed turn_servers --value="[{\"server\":\"{{ parameter_dict['turn-server'] }}\",\"secret\":\"{{ parameter_dict['turn-secret'] }}\",\"protocols\":\"udp,tcp\"}]"
sed -i 's#useCronUpdates\s*=.*#useCronUpdates = false#g' {{ parameter_dict['data-dir'] }}/news/config/config.ini
php_cmd {{ parameter_dict['nextcloud'] }}/occ config:app:set news useCronUpdates --value=false
if [ -f "{{ parameter_dict['nextcloud'] }}/config/CAN_INSTALL" ]; then
rm {{ parameter_dict['nextcloud'] }}/config/CAN_INSTALL
fi
date > {{ parameter_dict['nextcloud'] }}/.slapos-install-done
......@@ -105,6 +105,10 @@ input = inline:#!/bin/bash
echo "Nextcloud is not installed.";
exit 1;
fi
if [ ! -f "${instance-parameter:nextcloud}/.slapos-install-done" ]; then
echo "Nextcloud is not configured.";
exit 1;
fi
output = ${directory:bin}/check-nc-install
mode = 744
......
......@@ -9,8 +9,8 @@ recipe = slapos.recipe.build:download
url = ${:_profile_base_location_}/${:filename}
[application]
url = https://download.nextcloud.com/server/releases/nextcloud-16.0.3.tar.bz2
md5sum = d81902d2dec5d547779bec6336a438be
url = https://download.nextcloud.com/server/releases/nextcloud-27.1.2.tar.bz2
md5sum = a23afb146993d7449b78395739f27742
[template-nextcloud-install.sh]
<= nc-download
......@@ -46,37 +46,37 @@ shared = true
[news-updater]
<= nc-download-unpacked
url = https://github.com/nextcloud/news-updater/archive/10.0.1.tar.gz
md5sum = 37387199c0482e08d01e9294cd95eaad
url = https://github.com/nextcloud/news-updater/archive/11.0.0.tar.gz
md5sum = 1e75222638cab49d3f66b7c76394f104
[nextcloud-app-spreed]
<= nc-download-unpacked
url = https://github.com/nextcloud/spreed/releases/download/v6.0.5/spreed-6.0.5.tar.gz
md5sum = 002c09e543edc141f6ca848782573376
url = https://github.com/nextcloud-releases/spreed/releases/download/v17.1.1/spreed-v17.1.1.tar.gz
md5sum = 24e6be17fb232a3c18de5e9c0a03c7c3
[nextcloud-app-richdocuments]
<= nc-download-unpacked
url = https://github.com/nextcloud/richdocuments/releases/download/v3.7.17/richdocuments.tar.gz
md5sum = 5559cd14a4a0a93d2a39b260538839f8
url = https://github.com/nextcloud/richdocuments/releases/download/v8.2.0/richdocuments.tar.gz
md5sum = 1e9176b0f08670996488572aea081996
[nextcloud-app-calendar]
<= nc-download-unpacked
url = https://github.com/nextcloud/calendar/releases/download/v1.7.3/calendar.tar.gz
md5sum = ab398d943eb6939e3e71df5b1a1abf87
url = https://github.com/nextcloud-releases/calendar/releases/download/v4.5.2/calendar-v4.5.2.tar.gz
md5sum = 88adcbc34ef7e461f515ba96b82365d9
[nextcloud-app-rainloop]
[nextcloud-app-snappymail]
<= nc-download-unpacked
url = https://github.com/pierre-alain-b/rainloop-nextcloud/releases/download/6.1.4/rainloop.tar.gz
md5sum = 7cefc3dd3bd52b42d381de7d7447691f
url = https://snappymail.eu/repository/nextcloud/snappymail-2.29.1-nextcloud.tar.gz
md5sum = b7500ea4e089d8a9e3fa381d6df3a3b0
[nextcloud-app-news]
<= nc-download-unpacked
url = https://github.com/nextcloud/news/releases/download/14.2.2/news.tar.gz
md5sum = f48d4b5dcbc078131bb86a4ae619da99
url = https://github.com/nextcloud/news/releases/download/24.0.0/news.tar.gz
md5sum = 8e1a7e3e49e6dbd754bc1b9ff2f85371
[nextcloud-apps]
spreed = ${nextcloud-app-spreed:location}
richdocuments = ${nextcloud-app-richdocuments:location}
calendar = ${nextcloud-app-calendar:location}
rainloop = ${nextcloud-app-rainloop:location}
snappymail = ${nextcloud-app-snappymail:location}
news = ${nextcloud-app-news:location}
......@@ -279,10 +279,15 @@ class TestServices(NextCloudTestCase):
"turn_servers"
])
self.assertEqual(turn_config.strip(), b'[{"server":"","secret":"","protocols":"udp,tcp"}]')
news_config_file = os.path.join(self.partition_dir, 'srv/data/news/config/config.ini')
with open(news_config_file) as f:
config = f.read()
self.assertRegex(config, r"(useCronUpdates\s+=\s+false)")
news_config = subprocess.check_output([
php_bin,
occ,
"config:app:get",
"news",
"useCronUpdates"
])
self.assertEqual(news_config.strip(), b'false')
class TestNextCloudParameters(NextCloudTestCase):
......
......@@ -49,7 +49,7 @@ class enbWebSocket:
"rf_info": True
})
r = self.recv('rf')
self.logger.info('RF info', extra={'data': r})
self.logger.info('RF info', extra={'data': json.dumps(r)})
if __name__ == '__main__':
ws = enbWebSocket()
......
......@@ -24,11 +24,11 @@ md5sum = c4d5e9fcf460d88bc2b4bcfbdfe554f7
[amarisoft-rf-info.jinja2.py]
_update_hash_filename_ = amarisoft-rf-info.jinja2.py
md5sum = c930c28365c685a6066f382c9b5d8893
md5sum = ab666fdfadbfc7d8a16ace38d295c883
[ncclient_common]
_update_hash_filename_ = ncclient_common.py
md5sum = f34a196e947fa58b141431a00cc744df
md5sum = 63316f6a8a6a480e10db7e78cca72f3b
[lopcomm-rrh-stats.jinja2.py]
_update_hash_filename_ = lopcomm-rrh-stats.jinja2.py
......@@ -40,11 +40,11 @@ md5sum = f2f550b68c8ab243ce1a4bb73a9abc1c
[lopcomm-rrh-software.jinja2.py]
_update_hash_filename_ = lopcomm-rrh-software.jinja2.py
md5sum = 860fa5e5bab65f414535c7e25f622a6c
md5sum = 2cd8515253b75e2ab13cc77399762851
[lopcomm-rrh-supervision.jinja2.py]
_update_hash_filename_ = lopcomm-rrh-supervision.jinja2.py
md5sum = a2ba0343ddb7f9cf2904a4c5c751f68a
md5sum = 243d9fbf640b8dc8bf63d69b07b8afed
[template-enb]
_update_hash_filename_ = instance-enb.jinja2.cfg
......
#!{{ python_path }}
import time
import json
import xmltodict
import sys
import re
......@@ -60,7 +61,7 @@ if __name__ == '__main__':
if download_reply_xml:
nc.logger.info("Download proceed.")
download_data = xmltodict.parse(download_reply_xml)
nc.software_reply_json_logger.info('', extra={'data': download_data})
nc.software_reply_json_logger.info('', extra={'data': json.dumps(download_data)})
install_rpc_xml = f"""
<software-install xmlns="urn:o-ran:software-management:1.0">
......@@ -74,7 +75,7 @@ if __name__ == '__main__':
if install_reply_xml:
nc.logger.info("Installation proceed.")
install_data = xmltodict.parse(install_reply_xml)
nc.software_reply_json_logger.info('', extra={'data': install_data})
nc.software_reply_json_logger.info('', extra={'data': json.dumps(install_data)})
if nonrunning_slot_name_build_version in "{{firmware_name}}":
activate_rpc_xml = f"""
......@@ -88,7 +89,7 @@ if __name__ == '__main__':
if activate_reply_xml:
nc.logger.info("Activation proceed.")
activate_data = xmltodict.parse(activate_reply_xml)
nc.software_reply_json_logger.info('', extra={'data': activate_data})
nc.software_reply_json_logger.info('', extra={'data': json.dumps(activate_data)})
nc.get_inventory()
if nonrunning_slot_name_build_version in "{{firmware_name}}" and active_nonrunning_slot_name:
......
#!{{ python_path }}
import time
import json
import xmltodict
import sys
import re
......@@ -27,7 +28,7 @@ if __name__ == '__main__':
if supervision_subscription_reply_xml:
nc.logger.info("Subscription created")
supervision_subscription_data = xmltodict.parse(supervision_subscription_reply_xml)
nc.supervision_reply_json_logger.info('', extra={'data': supervision_subscription_data})
nc.supervision_reply_json_logger.info('', extra={'data': json.dumps(supervision_subscription_data)})
while True:
supervision_watchdog_rpc_xml = """
<supervision-watchdog-reset xmlns="urn:o-ran:supervision:1.0">
......@@ -43,7 +44,7 @@ if __name__ == '__main__':
nc.logger.info("NETCONF server replied")
supervision_watchdog_data = xmltodict.parse(supervision_watchdog_reply_xml)
nc.supervision_reply_json_logger.info('', extra={'data': supervision_watchdog_data})
nc.supervision_reply_json_logger.info('', extra={'data': json.dumps(supervision_watchdog_data)})
# It must be the same interval as <supervision-notification-interval>
time.sleep(60)
else:
......
import time
import logging
import json
import xmltodict
from logging.handlers import RotatingFileHandler
from ncclient import manager
......@@ -111,15 +112,15 @@ class LopcommNetconfClient:
result_in_xml = result._raw
data_dict = xmltodict.parse(result_in_xml)
if 'alarm-notif' in data_dict['notification']:
self.json_logger.info('', extra={'data': data_dict})
self.json_logger.info('', extra={'data': json.dumps(data_dict)})
elif 'supervision-notification' in data_dict['notification']:
self.supervision_json_logger.info('', extra={'data': data_dict})
self.supervision_json_logger.info('', extra={'data': json.dumps(data_dict)})
elif 'netconf-session-start' in data_dict['notification'] or 'netconf-session-end' in data_dict['notification']:
self.ncsession_json_logger.info('', extra={'data': data_dict})
self.ncsession_json_logger.info('', extra={'data': json.dumps(data_dict)})
elif any(event in data_dict['notification'] for event in ['install-event', 'activation-event', 'download-event']):
self.software_json_logger.info('', extra={'data': data_dict})
self.software_json_logger.info('', extra={'data': json.dumps(data_dict)})
else:
self.cfg_json_logger.info('', extra={'data': data_dict})
self.cfg_json_logger.info('', extra={'data': json.dumps(data_dict)})
def edit_config(self, config_files):
for config_file in config_files:
with open(config_file) as f:
......@@ -152,7 +153,7 @@ class LopcommNetconfClient:
reset_reply_xml = self.custom_rpc_request(reset_rpc_xml)
if reset_reply_xml:
reset_data = xmltodict.parse(reset_reply_xml)
self.software_reply_json_logger.info('', extra={'data': reset_data})
self.software_reply_json_logger.info('', extra={'data': json.dumps(reset_data)})
self.logger.info('Wait 60 second then reboot!')
time.sleep(60)
......@@ -169,7 +170,7 @@ class LopcommNetconfClient:
if inventory_reply_xml:
self.logger.info('Finish fetching software inventory.')
inventory_data = xmltodict.parse(inventory_reply_xml)
self.software_reply_json_logger.info('', extra={'data': inventory_data})
self.software_reply_json_logger.info('', extra={'data': json.dumps(inventory_data)})
nonrunning_slot_name = None
running_slot_name = None
......
[instance-profile]
filename = instance.cfg.in
md5sum = f622d8b6e8ce96c75316a856b26caf96
md5sum = 6610ce91964dda42edbcb5b7837777c2
......@@ -55,5 +55,4 @@ log = ${:var}/log
[publish-connection-parameter]
recipe = slapos.cookbook:publish
opc_ua_port = ${instance-parameter:configuration.opc_ua_port}
interface = ${instance-parameter:configuration.interface}
url-ipv6 = opc.tcp://[${instance-parameter:ipv6-random}]:${instance-parameter:configuration.opc_ua_port}
......@@ -40,6 +40,5 @@ class OsieTestCase(SlapOSInstanceTestCase):
return {"mode": 1}
def test(self):
connexion_parameters = self.computer_partition.getConnectionParameterDict()
self.assertIn('opc_ua_port', connexion_parameters)
self.assertIn('interface', connexion_parameters)
parameter_dict = self.computer_partition.getConnectionParameterDict()
self.assertIn('url-ipv6', parameter_dict)
......@@ -43,8 +43,6 @@ parts =
gcc
unzip
curl
nodejs
yarn
openssl
python3
nginx
......@@ -57,6 +55,8 @@ parts =
peertube-build
instance-profile
[nodejs]
<= nodejs-16.19.0
[peertube]
recipe = slapos.recipe.build:download-unpacked
......
......@@ -22,7 +22,7 @@ md5sum = 5784bea3bd608913769ff9a8afcccb68
[profile-frontend]
filename = instance-frontend.cfg.in
md5sum = 5c2f79d0773bd8594ccf1c34a7d27d53
md5sum = 9a33900d735ef074b5887d61bca54243
[profile-master]
filename = instance-master.cfg.in
......@@ -30,7 +30,7 @@ md5sum = 3006197ddce87bd92866b76b5ce8ce08
[profile-slave-list]
filename = instance-slave-list.cfg.in
md5sum = 8289620cb32dbdfcca6ba112c7ec7b2b
md5sum = b75e42233c1b7bdd5f21971ed8907efc
[profile-master-publish-slave-information]
filename = instance-master-publish-slave-information.cfg.in
......@@ -38,11 +38,11 @@ md5sum = cba4d995962f7fbeae3f61c9372c4181
[template-frontend-haproxy-configuration]
_update_hash_filename_ = templates/frontend-haproxy.cfg.in
md5sum = eef9712c6fe4d62b570b9059157c67ea
md5sum = fc68a825c656bde0ae69a936936b0478
[template-frontend-haproxy-crt-list]
_update_hash_filename_ = templates/frontend-haproxy-crt-list.in
md5sum = 238760d48d2875f087ad2d784e2a8fcd
md5sum = 2f3f75773eb879b97d1ff5e04486591c
[template-not-found-html]
_update_hash_filename_ = templates/notfound.html
......@@ -50,7 +50,7 @@ md5sum = d56e2cfab274cbbbe5b387f2f6e417df
[template-backend-haproxy-configuration]
_update_hash_filename_ = templates/backend-haproxy.cfg.in
md5sum = b4b55d931249f11e4e1256afeb74b503
md5sum = 6457064905f818f21e3733eb4278a580
[template-empty]
_update_hash_filename_ = templates/empty.in
......@@ -102,7 +102,7 @@ md5sum = e82ccdb0b26552a1c88ff523d8fae24a
[profile-kedifa]
filename = instance-kedifa.cfg.in
md5sum = a9854d48e750b3599043715c95138d5d
md5sum = 669da915003122e48646dc75fec239a5
[template-frontend-haproxy-rsyslogd-conf]
_update_hash_filename_ = templates/frontend-haproxy-rsyslogd.conf.in
......
......@@ -1105,12 +1105,16 @@ delaycompress =
url = {{ software_parameter_dict['template_wrapper'] }}
output = ${directory:scripts}/logrotate-setup-validate
command =
if ${logrotate:wrapper-path} -d > ${:state-file} 2>&1 ; then
if ${logrotate:wrapper-path} -d > ${:state-file-tmp} 2>&1 ; then
cat /dev/null > ${:state-file}
rm -f ${:state-file-tmp}
else
mv ${:state-file-tmp} ${:state-file}
fi
extra-context =
key content :command
state-file = ${directory:run}/logrotate-setup.state
state-file-tmp = ${:state-file}.tmp
[promise-logrotate-setup]
<= monitor-promise-base
......
......@@ -329,12 +329,16 @@ monitor-base-url = ${monitor-instance-parameter:monitor-base-url}
url = {{ software_parameter_dict['template_wrapper'] }}
output = ${directory:scripts}/logrotate-setup-validate
command =
if ${logrotate:wrapper-path} -d > ${:state-file} 2>&1 ; then
if ${logrotate:wrapper-path} -d > ${:state-file-tmp} 2>&1 ; then
cat /dev/null > ${:state-file}
rm -f ${:state-file-tmp}
else
mv ${:state-file-tmp} ${:state-file}
fi
extra-context =
key content :command
state-file = ${directory:run}/logrotate-setup.state
state-file-tmp = ${:state-file}.tmp
[promise-logrotate-setup]
<= monitor-promise-base
......
{%- set kedifa_updater_mapping = [] %}
{%- set cached_server_dict = {} %}
{%- set backend_slave_list = [] %}
{%- set frontend_slave_list = [] %}
{%- set backend_slave_dict = {} %}
{%- set frontend_slave_dict = {} %}
{%- set part_list = [] %}
{%- set cache_port = frontend_haproxy_configuration.get('cache-port') %}
{%- set cache_access = "http://%s:%s/HTTP" % (instance_parameter_dict['ipv4-random'], cache_port) %}
......@@ -228,7 +228,8 @@ context =
{%- do slave_publish_dict.__setitem__('url', "http://%s" % slave_instance.get('custom_domain')) %}
{%- do slave_publish_dict.__setitem__('site_url', "http://%s" % slave_instance.get('custom_domain')) %}
{%- do slave_publish_dict.__setitem__('secure_access', 'https://%s' % slave_instance.get('custom_domain')) %}
{%- set host_list = slave_instance.get('server-alias', '').split() %}
{%- do slave_instance.__setitem__('server-alias', slave_instance.get('server-alias', '').split()) %}
{%- set host_list = slave_instance['server-alias'] %}
{%- if slave_instance.get('custom_domain') not in host_list %}
{%- do host_list.append(slave_instance.get('custom_domain')) %}
{%- endif %}
......@@ -385,9 +386,9 @@ local_ipv4 = {{ dumps('' ~ instance_parameter_dict['ipv4-random']) }}
{#- ############################### #}
{#- Prepare Slave Information #}
{%- do slave_instance_information_list.append(slave_publish_dict) %}
{%- do frontend_slave_list.append(slave_instance) %}
{%- do frontend_slave_dict.__setitem__(slave_instance['slave_reference'], slave_instance) %}
{%- if slave_type != 'redirect' %}
{%- do backend_slave_list.append(slave_instance) %}
{%- do backend_slave_dict.__setitem__(slave_instance['slave_reference'], slave_instance) %}
{%- endif %}
{%- endfor %} {# Slave iteration ends for slave_instance in slave_instance_list #}
......@@ -477,14 +478,30 @@ output = ${:file}
##<Frontend haproxy>
[frontend-haproxy-slave-list]
list = {{ dumps(sorted(frontend_slave_list, key=operator_module.itemgetter('slave_reference'))) }}
dict = {{ dumps(frontend_slave_dict) }}
{%- set slave_instance_hostname_frontend_order = [] %}
{%- for slave_instance in frontend_slave_dict.values() %}
{%- for hostname in slave_instance['host_list'] %}
{%- if '*' in hostname %}
{%- set order_value = hostname.count('.') %}
{%- else %}
{%- set order_value = 1000 %}
{%- endif %}
{%- do slave_instance_hostname_frontend_order.append({
'index': order_value,
'hostname': hostname,
'slave_reference': slave_instance['slave_reference']}) %}
{%- endfor %}
{%- endfor %}
order = {{ dumps(slave_instance_hostname_frontend_order) }}
[frontend-haproxy-crt-list]
<= jinja2-template-base
template = {{ template_frontend_haproxy_crt_list }}
rendered = ${frontend-haproxy-config:crt-list}
extra-context =
key frontend_slave_list frontend-haproxy-slave-list:list
key frontend_slave_dict frontend-haproxy-slave-list:dict
key frontend_slave_order frontend-haproxy-slave-list:order
section configuration frontend-haproxy-config
[frontend-haproxy-configuration]
......@@ -492,7 +509,8 @@ extra-context =
template = {{ template_frontend_haproxy_configuration }}
rendered = ${frontend-haproxy-config:file}
extra-context =
key frontend_slave_list frontend-haproxy-slave-list:list
key frontend_slave_dict frontend-haproxy-slave-list:dict
key frontend_slave_order frontend-haproxy-slave-list:order
key crt_list frontend-haproxy-crt-list:rendered
section configuration frontend-haproxy-config
......@@ -512,9 +530,25 @@ autocert-directory = {{ frontend_directory['autocert'] }}
< = jinja2-template-base
url = {{ template_backend_haproxy_configuration }}
output = ${backend-haproxy-config:file}
backend_slave_list = {{ dumps(sorted(backend_slave_list, key=operator_module.itemgetter('slave_reference'))) }}
backend_slave_dict = {{ dumps(backend_slave_dict) }}
{%- set slave_instance_hostname_backend_order = [] %}
{%- for slave_instance in backend_slave_dict.values() %}
{%- for hostname in slave_instance['host_list'] %}
{%- if '*' in hostname %}
{%- set order_value = hostname.count('.') %}
{%- else %}
{%- set order_value = 1000 %}
{%- endif %}
{%- do slave_instance_hostname_backend_order.append({
'index': order_value,
'hostname': hostname,
'slave_reference': slave_instance['slave_reference']}) %}
{%- endfor %}
{%- endfor %}
order = {{ dumps(slave_instance_hostname_backend_order) }}
extra-context =
key backend_slave_list :backend_slave_list
key backend_slave_dict :backend_slave_dict
key backend_slave_order :order
section configuration backend-haproxy-config
[backend-haproxy-config]
......
......@@ -211,7 +211,7 @@ output = ${buildout:directory}/template-wrapper.cfg
<=download-template
[versions]
kedifa = 0.0.6
kedifa = 0.0.7
# Modern KeDiFa requires zc.lockfile
zc.lockfile = 1.4
......
......@@ -17,30 +17,20 @@ defaults
default-server init-addr last,libc,none
{%- set SCHEME_PREFIX_MAPPING = { 'http': 'http_backend', 'https': 'https_backend'} %}
{%- macro frontend_entry(slave_instance, scheme, wildcard) %}
{#- wildcard switch allows to put dangerous entries in the end, as haproxy parses with first match #}
{%- macro frontend_entry(slave_reference, hostname, slave_instance, scheme) %}
{%- if slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['hostname'] and slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['port'] %}
{%- set matched = {'count': 0} %}
{%- for host in slave_instance['host_list'] %}
{#- Match up to the end or optional port (starting with ':') #}
{#- Please note that this matching is quite sensitive to changes and hard to test, so avoid needless changes #}
{%- if wildcard and host.startswith('*.') %}
{%- do matched.__setitem__('count', matched['count'] + 1) %}
# match wildcard {{ host }}
acl is_{{ slave_instance['slave_reference'] }}_{{ scheme }} hdr_reg(host) -i {{ host[2:] }}($|:.*)
{%- elif not wildcard and not host.startswith('*.') %}
{%- do matched.__setitem__('count', matched['count'] + 1) %}
acl is_{{ slave_instance['slave_reference'] }}_{{ scheme }} hdr_reg(host) -i ^{{ host }}($|:.*)
{%- if hostname.startswith('*') %}
{%- set matcher = '' ~ hostname[2:] ~ '$' %}
{%- else %}
{%- set matcher = '^' ~ hostname ~ '$' %}
{%- endif %}
{%- endfor %}
{%- if matched['count'] > 0 %}
{%- set acl = '{ req.hdr(host),host_only -m reg ' ~ matcher ~ ' }' %}
{%- if slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['health-check-failover-hostname'] %}
acl is_failover_{{ slave_instance['slave_reference'] }}_{{ scheme }} nbsrv({{ slave_instance['slave_reference'] }}-{{ scheme }}) eq 0
use_backend {{ slave_instance['slave_reference'] }}-{{ scheme }} if is_{{ slave_instance['slave_reference'] }}_{{ scheme }} ! is_failover_{{ slave_instance['slave_reference'] }}_{{ scheme }}
use_backend {{ slave_instance['slave_reference'] }}-{{ scheme }}-failover if is_{{ slave_instance['slave_reference'] }}_{{ scheme }} is_failover_{{ slave_instance['slave_reference'] }}_{{ scheme }}
acl is_failover_{{ slave_reference }}_{{ scheme }} nbsrv({{ slave_reference }}-{{ scheme }}) eq 0
use_backend {{ slave_reference }}-{{ scheme }} if {{ acl }} ! is_failover_{{ slave_reference }}_{{ scheme }}
use_backend {{ slave_reference }}-{{ scheme }}-failover if {{ acl }} is_failover_{{ slave_reference }}_{{ scheme }}
{%- else %}
use_backend {{ slave_instance['slave_reference'] }}-{{ scheme }} if is_{{ slave_instance['slave_reference'] }}_{{ scheme }}
{%- endif %}
use_backend {{ slave_reference }}-{{ scheme }} if {{ acl }}
{%- endif %}
{%- endif %}
{%- endmacro %}
......@@ -62,11 +52,8 @@ frontend http-backend
http-response add-header Via "%HV rapid-cdn-backend-{{ configuration['node-id'] }}-{{ configuration['version-hash']}}"
# setup Date
http-response set-header Date %[date(),http_date] if ! { res.hdr(Date) -m found }
{%- for slave_instance in backend_slave_list -%}
{{ frontend_entry(slave_instance, 'http', False) }}
{%- endfor %}
{%- for slave_instance in backend_slave_list -%}
{{ frontend_entry(slave_instance, 'http', True) }}
{%- for entry in backend_slave_order | sort(attribute="index,hostname", reverse=True) %}
{{- frontend_entry(entry['slave_reference'], entry['hostname'], backend_slave_dict[entry['slave_reference']], 'http') -}}
{%- endfor %}
frontend https-backend
......@@ -75,14 +62,12 @@ frontend https-backend
http-response add-header Via "%HV rapid-cdn-backend-{{ configuration['node-id'] }}-{{ configuration['version-hash']}}"
# setup Date
http-response set-header Date %[date(),http_date] if ! { res.hdr(Date) -m found }
{%- for slave_instance in backend_slave_list -%}
{{ frontend_entry(slave_instance, 'https', False) }}
{%- for entry in backend_slave_order | sort(attribute="index,hostname", reverse=True) %}
{{- frontend_entry(entry['slave_reference'], entry['hostname'], backend_slave_dict[entry['slave_reference']], 'https') -}}
{%- endfor %}
{%- for slave_instance in backend_slave_list -%}
{{ frontend_entry(slave_instance, 'https', True) }}
{% endfor %}
{%- for slave_instance in backend_slave_list %}
{%- for slave_reference in sorted(backend_slave_dict) %}
{%- set slave_instance = backend_slave_dict[slave_reference] %}
{%- for (scheme, prefix) in SCHEME_PREFIX_MAPPING.items() %}
{%- set info_dict = slave_instance[prefix] %}
{%- if info_dict['hostname'] and info_dict['port'] %}
......
{%- for slave in frontend_slave_list %}
{%- for entry in frontend_slave_order | sort(attribute="index,hostname", reverse=True) %}
{%- set slave = frontend_slave_dict[entry['slave_reference']] %}
{%- set entry_list = [] %}
{%- set sslbindconf = [] %}
{#- <crtfile> #}
......@@ -9,7 +10,7 @@
{%- do sslbindconf.append(slave['alpn']) %}
{%- do entry_list.append('[' + ' '.join(sslbindconf) + ']') %}
{#- <snifilter> #}
{%- do entry_list.extend(slave['host_list']) %}
{%- do entry_list.append(entry['hostname']) %}
{{- ' '.join(entry_list) }}
{% endfor -%}
# Fallback to default certificate
......
......@@ -23,30 +23,14 @@ defaults
default-server init-addr last,libc,none
{%- set SCHEME_PREFIX_MAPPING = { 'http': 'backend-http-info', 'https': 'backend-https-info'} %}
{%- macro frontend_entry(slave_instance, scheme, wildcard) %}
{#- wildcard switch allows to put dangerous entries in the end, as haproxy parses with first match #}
{#- if slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['hostname'] and slave_instance[SCHEME_PREFIX_MAPPING[scheme]]['port'] #}
{%- set host_list = (slave_instance.get('server-alias') or '').split() %}
{%- if slave_instance.get('custom_domain') not in host_list %}
{%- do host_list.append(slave_instance.get('custom_domain')) %}
{%- endif %}
{%- set matched = {'count': 0} %}
{%- for host in host_list %}
{#- Match up to the end or optional port (starting with ':') #}
{#- Please note that this matching is quite sensitive to changes and hard to test, so avoid needless changes #}
{%- if wildcard and host.startswith('*.') %}
{%- do matched.__setitem__('count', matched['count'] + 1) %}
# match wildcard {{ host }}
acl is_{{ slave_instance['slave_reference'] }} hdr_reg(host) -i {{ host[2:] }}($|:.*)
{%- elif not wildcard and not host.startswith('*.') %}
{%- do matched.__setitem__('count', matched['count'] + 1) %}
acl is_{{ slave_instance['slave_reference'] }} hdr_reg(host) -i ^{{ host }}($|:.*)
{%- endif %}
{%- endfor %}
{%- if matched['count'] > 0 %}
use_backend {{ slave_instance['slave_reference'] }}-{{ scheme }} if is_{{ slave_instance['slave_reference'] }}
{%- macro frontend_entry(slave_reference, hostname, scheme) %}
{%- if hostname.startswith('*') %}
{%- set matcher = hostname[2:] %}
{%- else %}
{%- set matcher = '^' ~ hostname %}
{%- endif %}
{#- endif #}
use_backend {{ slave_reference }}-{{ scheme }} if { req.hdr(host),host_only -m reg {{ matcher }}$ }
{%- endmacro %}
{%- macro frontend_common() %}
......@@ -68,11 +52,8 @@ frontend http-frontend
bind {{ configuration['local-ipv4'] }}:{{ configuration['http-port'] }}
bind {{ configuration['global-ipv6'] }}:{{ configuration['http-port'] }}
{{ frontend_common() }}
{%- for slave_instance in frontend_slave_list -%}
{{ frontend_entry(slave_instance, 'http', False) }}
{%- endfor %}
{%- for slave_instance in frontend_slave_list -%}
{{ frontend_entry(slave_instance, 'http', True) }}
{%- for entry in frontend_slave_order | sort(attribute="index,hostname", reverse=True) %}
{{- frontend_entry(entry['slave_reference'], entry['hostname'], 'http') -}}
{%- endfor %}
default_backend BACKEND_NOT_FOUND
......@@ -84,16 +65,14 @@ frontend https-frontend
bind quic6@{{ configuration['global-ipv6'] }}:{{ configuration['https-port'] }} ssl crt-list {{ crt_list }} alpn h3
{%- endif %}
{{ frontend_common() }}
{%- for slave_instance in frontend_slave_list -%}
{{ frontend_entry(slave_instance, 'https', False) }}
{%- endfor %}
{%- for slave_instance in frontend_slave_list -%}
{{ frontend_entry(slave_instance, 'https', True) }}
{%- for entry in frontend_slave_order | sort(attribute="index,hostname", reverse=True) %}
{{- frontend_entry(entry['slave_reference'], entry['hostname'], 'https') -}}
{%- endfor %}
default_backend BACKEND_NOT_FOUND
# Backends
{%- for slave_instance in frontend_slave_list %}
{%- for slave_reference in sorted(frontend_slave_dict) %}
{%- set slave_instance = frontend_slave_dict[slave_reference] %}
{%- for (scheme, prefix) in SCHEME_PREFIX_MAPPING.items() %}
{%- set info_dict = slave_instance.get(prefix, slave_instance.get('backend-http-info')) %}
backend {{ slave_instance['slave_reference'] }}-{{ scheme }}
......@@ -189,7 +168,7 @@ backend {{ slave_instance['slave_reference'] }}-{{ scheme }}
{%- endif %} {# if 'hostname' in info_dict and 'port' in info_dict #}
{%- endif %} {# if scheme == 'http' and slave_instance['https-only'] #}
{%- endfor %} {# for (scheme, prefix) in SCHEME_PREFIX_MAPPING.items() #}
{%- endfor %} {# for slave_instance in frontend_slave_list #}
{%- endfor %} {# for slave_reference in sorted(frontend_slave_dict) #}
backend BACKEND_NOT_FOUND
{#- a bit hacky but working way to provide default CDN's 404 #}
......
......@@ -1292,7 +1292,9 @@ class SlaveHttpFrontendTestCase(HttpFrontendTestCase):
@classmethod
def requestSlaves(cls):
for slave_reference, partition_parameter_kw in list(
# Note: List is sorted here, so that tests which want slaves
# ordered by their slave_reference are stable
for slave_reference, partition_parameter_kw in sorted(
cls.getSlaveParameterDictDict().items()):
software_url = cls.getSoftwareURL()
software_type = cls.getInstanceSoftwareType()
......@@ -6577,49 +6579,83 @@ class TestSlaveHostHaproxyClash(SlaveHttpFrontendTestCase, TestDataMixin):
@classmethod
def getSlaveParameterDictDict(cls):
# Note: The slaves are specifically constructed to have an order which
# is triggering the problem. Slave list is sorted in many places,
# and such slave configuration will result with them begin seen
# by backend haproxy configuration in exactly the way seen below
# Ordering it here will not help at all.
# Note: Slave list is ordered by it's reference, so that requestSlaves
# will result in an order, which will hit the bugs covered here:
# * the most wildcard domain is requested first
# * then the more specific wildcard comes
# * in the end specific slaves are there
return {
'wildcard': {
'url': cls.backend_url + 'wildcard',
'01wildcard': {
'url': cls.backend_url + '01wildcard',
'custom_domain': '*.example.com',
'server-alias': 'example.com',
},
'02wildcard': {
'url': cls.backend_url + '02wildcard',
'custom_domain': '*.alias1.example.com',
'server-alias': 'alias1.example.com',
},
'zspecific': {
'url': cls.backend_url + 'zspecific',
'03zspecific': {
'url': cls.backend_url + '03zspecific',
'custom_domain': 'zspecific.example.com',
},
'04zspecific': {
'url': cls.backend_url + '04zspecific',
'custom_domain': 'zspecific.alias1.example.com',
},
}
def test(self):
_, wildcard_key, _, wildcard_crt = createSelfSignedCertificate([
'*.example.com'])
_, wildcard_alias1_key, _, wildcard_alias1_crt = \
createSelfSignedCertificate([
'*.alias1.example.com'])
_, zspecific_key, _, zspecific_crt = createSelfSignedCertificate([
'zspecific.example.com'])
_, zspecific_alias1_key, _, zspecific_alias1_crt = \
createSelfSignedCertificate([
'zspecific.alias1.example.com'])
def uploadCertificate(key, certificate):
auth = mimikra.get(
self.current_generate_auth,
verify=self.kedifa_caucase_ca_certificate_file)
self.assertEqual(http.client.CREATED, auth.status_code)
data = certificate + key
upload = mimikra.put(
self.current_upload_url + auth.text,
data=data,
verify=self.kedifa_caucase_ca_certificate_file)
self.assertEqual(http.client.CREATED, upload.status_code)
self.assertSlaveBase(
'01wildcard', hostname='*')
uploadCertificate(wildcard_key, wildcard_crt)
self.assertSlaveBase(
'wildcard', hostname='*.alias1')
'02wildcard', hostname='*.alias1')
uploadCertificate(wildcard_alias1_key, wildcard_alias1_crt)
self.assertSlaveBase(
'zspecific', hostname='zspecific.alias1')
'03zspecific', hostname='zspecific')
uploadCertificate(zspecific_key, zspecific_crt)
self.assertSlaveBase(
'04zspecific', hostname='zspecific.alias1')
uploadCertificate(zspecific_alias1_key, zspecific_alias1_crt)
self.runKedifaUpdater()
def assertResult(hostname, path, certificate):
result_wildcard = fakeHTTPSResult(
'other.alias1.example.com',
'test-path',
headers={
'Timeout': '10', # more than default backend-connect-timeout == 5
'Accept-Encoding': 'gzip',
}
)
self.assertEqual(self.certificate_pem, result_wildcard.certificate)
self.assertEqualResultJson(result_wildcard, 'Path', '/wildcard/test-path')
result_specific = fakeHTTPSResult(
'zspecific.alias1.example.com',
hostname,
'test-path',
headers={
'Timeout': '10', # more than default backend-connect-timeout == 5
'Accept-Encoding': 'gzip',
}
)
self.assertEqual(self.certificate_pem, result_specific.certificate)
self.assertEqualResultJson(result_specific, 'Path', '/zspecific/test-path')
self.assertEqual(certificate, result_wildcard.certificate)
self.assertEqualResultJson(
result_wildcard, 'Path', '/%s/test-path' % (path,))
assertResult('www.example.com', '01wildcard', wildcard_crt)
assertResult('www.alias1.example.com', '02wildcard', wildcard_alias1_crt)
assertResult('zspecific.example.com', '03zspecific', zspecific_crt)
assertResult(
'zspecific.alias1.example.com', '04zspecific', zspecific_alias1_crt)
class TestPassedRequestParameter(HttpFrontendTestCase):
......
......@@ -14,19 +14,6 @@
"slap_software_release_url": "@@00getSoftwareURL@@",
"slap_software_type": "RootSoftwareInstance",
"slave_instance_list": [
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_health-check-disabled",
"slave_title": "_health-check-disabled",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"health-check": true,
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_health-check-default",
"slave_title": "_health-check-default",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"health-check": true,
"health-check-http-method": "CONNECT",
......@@ -49,6 +36,19 @@
"slave_title": "_health-check-custom",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"health-check": true,
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_health-check-default",
"slave_title": "_health-check-default",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_health-check-disabled",
"slave_title": "_health-check-disabled",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"enable_cache": true,
"health-check": true,
......@@ -66,32 +66,32 @@
},
{
"health-check": true,
"health-check-failover-https-url": "http://@@_ipv4_address@@:@@_server_http_port@@/failover-https-url?a=b&c=",
"health-check-failover-url": "http://@@_ipv4_address@@:@@_server_http_port@@/failover-url?a=b&c=",
"health-check-failover-url-netloc-list": "@@_ipv4_address@@:@@_server_netloc_a_http_port@@ @@_ipv4_address@@:@@_server_netloc_b_http_port@@",
"health-check-http-path": "/health-check-failover-url",
"health-check-authenticate-to-failover-backend": true,
"health-check-failover-https-url": "https://@@_ipv4_address@@:@@_server_https_auth_port@@/failover-https-url?a=b&c=",
"health-check-failover-url": "https://@@_ipv4_address@@:@@_server_https_auth_port@@/failover-url?a=b&c=",
"health-check-http-path": "/health-check-failover-url-auth-to-backend",
"health-check-interval": 1,
"health-check-timeout": 1,
"https-only": false,
"https-url": "http://@@_ipv4_address@@:@@_server_http_port@@/https-url",
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_health-check-failover-url-netloc-list",
"slave_title": "_health-check-failover-url-netloc-list",
"slave_reference": "_health-check-failover-url-auth-to-backend",
"slave_title": "_health-check-failover-url-auth-to-backend",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/url"
},
{
"health-check": true,
"health-check-authenticate-to-failover-backend": true,
"health-check-failover-https-url": "https://@@_ipv4_address@@:@@_server_https_auth_port@@/failover-https-url?a=b&c=",
"health-check-failover-url": "https://@@_ipv4_address@@:@@_server_https_auth_port@@/failover-url?a=b&c=",
"health-check-http-path": "/health-check-failover-url-auth-to-backend",
"health-check-failover-https-url": "http://@@_ipv4_address@@:@@_server_http_port@@/failover-https-url?a=b&c=",
"health-check-failover-url": "http://@@_ipv4_address@@:@@_server_http_port@@/failover-url?a=b&c=",
"health-check-failover-url-netloc-list": "@@_ipv4_address@@:@@_server_netloc_a_http_port@@ @@_ipv4_address@@:@@_server_netloc_b_http_port@@",
"health-check-http-path": "/health-check-failover-url",
"health-check-interval": 1,
"health-check-timeout": 1,
"https-only": false,
"https-url": "http://@@_ipv4_address@@:@@_server_http_port@@/https-url",
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_health-check-failover-url-auth-to-backend",
"slave_title": "_health-check-failover-url-auth-to-backend",
"slave_reference": "_health-check-failover-url-netloc-list",
"slave_title": "_health-check-failover-url-netloc-list",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/url"
},
{
......@@ -109,27 +109,27 @@
},
{
"health-check": true,
"health-check-failover-ssl-proxy-ca-crt": "@@another_server_ca.certificate_pem@@",
"health-check-failover-ssl-proxy-verify": true,
"health-check-failover-url": "https://@@_ipv4_address@@:@@_server_https_port@@/",
"health-check-http-path": "/health-check-failover-url-ssl-proxy-verify-unverified",
"health-check-http-path": "/health-check-failover-url-ssl-proxy-verify-missing",
"health-check-interval": 1,
"health-check-timeout": 1,
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_health-check-failover-url-ssl-proxy-verify-unverified",
"slave_title": "_health-check-failover-url-ssl-proxy-verify-unverified",
"slave_reference": "_health-check-failover-url-ssl-proxy-verify-missing",
"slave_title": "_health-check-failover-url-ssl-proxy-verify-missing",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"health-check": true,
"health-check-failover-ssl-proxy-ca-crt": "@@another_server_ca.certificate_pem@@",
"health-check-failover-ssl-proxy-verify": true,
"health-check-failover-url": "https://@@_ipv4_address@@:@@_server_https_port@@/",
"health-check-http-path": "/health-check-failover-url-ssl-proxy-verify-missing",
"health-check-http-path": "/health-check-failover-url-ssl-proxy-verify-unverified",
"health-check-interval": 1,
"health-check-timeout": 1,
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_health-check-failover-url-ssl-proxy-verify-missing",
"slave_title": "_health-check-failover-url-ssl-proxy-verify-missing",
"slave_reference": "_health-check-failover-url-ssl-proxy-verify-unverified",
"slave_title": "_health-check-failover-url-ssl-proxy-verify-unverified",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
}
],
......
......@@ -14,19 +14,35 @@
"slap_software_release_url": "@@00getSoftwareURL@@",
"slap_software_type": "RootSoftwareInstance",
"slave_instance_list": [
{
"custom_domain": "*.example.com",
"server-alias": "example.com",
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_01wildcard",
"slave_title": "_01wildcard",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/01wildcard"
},
{
"custom_domain": "*.alias1.example.com",
"server-alias": "alias1.example.com",
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_02wildcard",
"slave_title": "_02wildcard",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/02wildcard"
},
{
"custom_domain": "zspecific.example.com",
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_wildcard",
"slave_title": "_wildcard",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/wildcard"
"slave_reference": "_03zspecific",
"slave_title": "_03zspecific",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/03zspecific"
},
{
"custom_domain": "zspecific.alias1.example.com",
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_zspecific",
"slave_title": "_zspecific",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/zspecific"
"slave_reference": "_04zspecific",
"slave_title": "_04zspecific",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/04zspecific"
}
],
"timestamp": "@@TIMESTAMP@@"
......@@ -41,15 +57,27 @@
"monitor-password": "@@monitor-password@@",
"monitor-username": "admin",
"slave-list": [
{
"custom_domain": "*.example.com",
"server-alias": "example.com",
"slave_reference": "_01wildcard",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/01wildcard"
},
{
"custom_domain": "*.alias1.example.com",
"slave_reference": "_wildcard",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/wildcard"
"server-alias": "alias1.example.com",
"slave_reference": "_02wildcard",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/02wildcard"
},
{
"custom_domain": "zspecific.example.com",
"slave_reference": "_03zspecific",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/03zspecific"
},
{
"custom_domain": "zspecific.alias1.example.com",
"slave_reference": "_zspecific",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/zspecific"
"slave_reference": "_04zspecific",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/04zspecific"
}
]
},
......@@ -69,7 +97,7 @@
"cluster-identification": "testing partition 0",
"domain": "example.com",
"enable-http3": "false",
"extra_slave_instance_list": "[{\"custom_domain\": \"*.alias1.example.com\", \"slave_reference\": \"_wildcard\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/wildcard\"}, {\"custom_domain\": \"zspecific.alias1.example.com\", \"slave_reference\": \"_zspecific\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/zspecific\"}]",
"extra_slave_instance_list": "[{\"custom_domain\": \"*.example.com\", \"server-alias\": \"example.com\", \"slave_reference\": \"_01wildcard\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/01wildcard\"}, {\"custom_domain\": \"*.alias1.example.com\", \"server-alias\": \"alias1.example.com\", \"slave_reference\": \"_02wildcard\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/02wildcard\"}, {\"custom_domain\": \"zspecific.example.com\", \"slave_reference\": \"_03zspecific\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/03zspecific\"}, {\"custom_domain\": \"zspecific.alias1.example.com\", \"slave_reference\": \"_04zspecific\", \"url\": \"http://@@_ipv4_address@@:@@_server_http_port@@/04zspecific\"}]",
"frontend-name": "caddy-frontend-1",
"http3-port": "443",
"kedifa-caucase-url": "http://[@@_ipv6_address@@]:15090",
......@@ -81,7 +109,7 @@
"plain_http_port": "11080",
"port": "11443",
"request-timeout": "12",
"slave-kedifa-information": "{\"_wildcard\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@wildcard_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@wildcard_key-generate-auth-url@@/@@wildcard_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@wildcard_key-generate-auth-url@@?auth=\"}, \"_zspecific\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@zspecific_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@zspecific_key-generate-auth-url@@/@@wildcard_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@zspecific_key-generate-auth-url@@?auth=\"}}"
"slave-kedifa-information": "{\"_01wildcard\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@01wildcard_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@01wildcard_key-generate-auth-url@@/@@01wildcard_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@01wildcard_key-generate-auth-url@@?auth=\"}, \"_02wildcard\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@02wildcard_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@02wildcard_key-generate-auth-url@@/@@01wildcard_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@02wildcard_key-generate-auth-url@@?auth=\"}, \"_03zspecific\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@03zspecific_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@03zspecific_key-generate-auth-url@@/@@01wildcard_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@03zspecific_key-generate-auth-url@@?auth=\"}, \"_04zspecific\": {\"kedifa-caucase-url\": \"http://[@@_ipv6_address@@]:15090\", \"key-download-url\": \"https://[@@_ipv6_address@@]:15080/@@04zspecific_key-generate-auth-url@@\", \"key-generate-auth-url\": \"https://[@@_ipv6_address@@]:15080/@@04zspecific_key-generate-auth-url@@/@@01wildcard_key-upload-url@@\", \"key-upload-url\": \"https://[@@_ipv6_address@@]:15080/@@04zspecific_key-generate-auth-url@@?auth=\"}}"
},
"full_address_list": [],
"instance_title": "caddy-frontend-1",
......
......@@ -8,12 +8,18 @@ T-1/var/log/monitor-httpd-error.log
T-2/var/log/backend-haproxy.log
T-2/var/log/expose-csr.log
T-2/var/log/frontend-haproxy.log
T-2/var/log/httpd/_wildcard_access_log
T-2/var/log/httpd/_wildcard_backend_log
T-2/var/log/httpd/_wildcard_frontend_log
T-2/var/log/httpd/_zspecific_access_log
T-2/var/log/httpd/_zspecific_backend_log
T-2/var/log/httpd/_zspecific_frontend_log
T-2/var/log/httpd/_01wildcard_access_log
T-2/var/log/httpd/_01wildcard_backend_log
T-2/var/log/httpd/_01wildcard_frontend_log
T-2/var/log/httpd/_02wildcard_access_log
T-2/var/log/httpd/_02wildcard_backend_log
T-2/var/log/httpd/_02wildcard_frontend_log
T-2/var/log/httpd/_03zspecific_access_log
T-2/var/log/httpd/_03zspecific_backend_log
T-2/var/log/httpd/_03zspecific_frontend_log
T-2/var/log/httpd/_04zspecific_access_log
T-2/var/log/httpd/_04zspecific_backend_log
T-2/var/log/httpd/_04zspecific_frontend_log
T-2/var/log/monitor-httpd-access.log
T-2/var/log/monitor-httpd-error.log
T-2/var/log/slave-introspection-access.log
......
......@@ -15,35 +15,6 @@
"slap_software_release_url": "@@00getSoftwareURL@@",
"slap_software_type": "RootSoftwareInstance",
"slave_instance_list": [
{
"enable_cache": true,
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_from_master",
"slave_title": "_ssl_from_master",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_from_master_kedifa_overrides",
"slave_title": "_ssl_from_master_kedifa_overrides",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_from_slave",
"slave_title": "_ssl_from_slave",
"ssl_crt": "@@ssl_from_slave_certificate_pem@@",
"ssl_key": "@@ssl_from_slave_key_pem@@",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_from_slave_kedifa_overrides",
"slave_title": "_ssl_from_slave_kedifa_overrides",
"ssl_crt": "@@ssl_from_slave_kedifa_overrides_certificate_pem@@",
"ssl_key": "@@ssl_from_slave_kedifa_overrides_key_pem@@",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"custom_domain": "customdomainsslcrtsslkey.example.com",
"slap_software_type": "RootSoftwareInstance",
......@@ -63,6 +34,15 @@
"ssl_key": "@@customdomain_ca_key_pem@@",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_ca_crt_does_not_match",
"slave_title": "_ssl_ca_crt_does_not_match",
"ssl_ca_crt": "@@ca.certificate_pem@@",
"ssl_crt": "@@certificate_pem@@",
"ssl_key": "@@key_pem@@",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_ca_crt_garbage",
......@@ -73,12 +53,32 @@
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"enable_cache": true,
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_ca_crt_does_not_match",
"slave_title": "_ssl_ca_crt_does_not_match",
"ssl_ca_crt": "@@ca.certificate_pem@@",
"ssl_crt": "@@certificate_pem@@",
"ssl_key": "@@key_pem@@",
"slave_reference": "_ssl_from_master",
"slave_title": "_ssl_from_master",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_from_master_kedifa_overrides",
"slave_title": "_ssl_from_master_kedifa_overrides",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_from_slave",
"slave_title": "_ssl_from_slave",
"ssl_crt": "@@ssl_from_slave_certificate_pem@@",
"ssl_key": "@@ssl_from_slave_key_pem@@",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_ssl_from_slave_kedifa_overrides",
"slave_title": "_ssl_from_slave_kedifa_overrides",
"ssl_crt": "@@ssl_from_slave_kedifa_overrides_certificate_pem@@",
"ssl_key": "@@ssl_from_slave_kedifa_overrides_key_pem@@",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
......@@ -90,17 +90,17 @@
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_type-notebook-ssl_from_slave",
"slave_title": "_type-notebook-ssl_from_slave",
"ssl_crt": "@@type_notebook_ssl_from_slave_certificate_pem@@",
"ssl_key": "@@type_notebook_ssl_from_slave_key_pem@@",
"slave_reference": "_type-notebook-ssl_from_master_kedifa_overrides",
"slave_title": "_type-notebook-ssl_from_master_kedifa_overrides",
"type": "notebook",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
{
"slap_software_type": "RootSoftwareInstance",
"slave_reference": "_type-notebook-ssl_from_master_kedifa_overrides",
"slave_title": "_type-notebook-ssl_from_master_kedifa_overrides",
"slave_reference": "_type-notebook-ssl_from_slave",
"slave_title": "_type-notebook-ssl_from_slave",
"ssl_crt": "@@type_notebook_ssl_from_slave_certificate_pem@@",
"ssl_key": "@@type_notebook_ssl_from_slave_key_pem@@",
"type": "notebook",
"url": "http://@@_ipv4_address@@:@@_server_http_port@@/"
},
......
......@@ -35,6 +35,7 @@ import re
import http.server
import multiprocessing
import subprocess
import unittest
import psutil
import requests
......@@ -411,6 +412,7 @@ class TestDeploymentScriptInstantiation(ERP5InstanceTestCase):
with cls.slap.instance_supervisor_rpc as instance_supervisor:
return getattr(instance_supervisor, method)(*args, **kwargs)
@unittest.expectedFailure
def test_ssl_auth(self):
backend_apache_configuration_list = glob.glob(
os.path.join(
......
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment